From 223688d0bf762f84cae6eb18220b54762bbc69f0 Mon Sep 17 00:00:00 2001 From: Alex Huang Date: Thu, 2 Dec 2010 08:50:06 -0800 Subject: [PATCH 01/70] Port forwarding rules and load balancing rules rewrite --- .../agent/api/routing/RoutingCommand.java | 44 + .../api/routing/SetFirewallRulesAnswer.java | 38 + .../api/routing/SetFirewallRulesCommand.java | 43 + .../routing/SetPortForwardingRulesAnswer.java | 38 + .../SetPortForwardingRulesCommand.java | 37 + .../cloud/agent/api/to/FirewallRuleTO.java | 56 + .../agent/api/to/PortForwardingRuleTO.java | 41 + api/src/com/cloud/api/BaseCmd.java | 47 +- api/src/com/cloud/api/ResponseGenerator.java | 8 +- .../commands/AssignToLoadBalancerRuleCmd.java | 31 +- .../commands/CreateIpForwardingRuleCmd.java | 6 +- .../commands/CreateLoadBalancerRuleCmd.java | 99 +- .../commands/CreatePortForwardingRuleCmd.java | 96 +- .../commands/DeleteIpForwardingRuleCmd.java | 2 +- .../commands/DeleteLoadBalancerRuleCmd.java | 4 +- .../commands/DeletePortForwardingRuleCmd.java | 9 +- .../commands/ListIpForwardingRulesCmd.java | 6 +- .../ListLoadBalancerRuleInstancesCmd.java | 2 +- .../commands/ListLoadBalancerRulesCmd.java | 4 +- .../commands/ListPortForwardingRulesCmd.java | 6 +- .../RemoveFromLoadBalancerRuleCmd.java | 16 +- .../commands/UpdateLoadBalancerRuleCmd.java | 4 +- .../commands/UpdatePortForwardingRuleCmd.java | 19 +- api/src/com/cloud/network/NetworkService.java | 46 - .../cloud/network/element/NetworkElement.java | 15 +- .../network/lb/LoadBalancingRulesService.java | 65 + .../com/cloud/network/rules/FirewallRule.java | 42 +- .../network/{ => rules}/LoadBalancer.java | 32 +- .../network/rules/PortForwardingRule.java | 40 + .../com/cloud/network/rules/RulesService.java | 68 + .../com/cloud/server/ManagementService.java | 30 - .../api/routing/SetFirewallRuleCommand.java | 109 - .../VirtualRoutingResource.java | 144 +- .../xen/resource/CitrixResourceBase.java | 216 +- .../src/com/cloud/network/FirewallRuleVO.java | 186 -- .../network/LoadBalancerConfigurator.java | 6 +- server/src/com/cloud/api/ApiDBUtils.java | 2 +- .../src/com/cloud/api/ApiResponseHelper.java | 31 +- .../UpdateLoadBalancerRuleExecutor.java | 79 - .../UpdatePortForwardingRuleExecutor.java | 93 - .../DefaultComponentLibrary.java | 14 +- .../src/com/cloud/dao/EntityManagerImpl.java | 23 +- .../cloud/network/HAProxyConfigurator.java | 51 +- server/src/com/cloud/network/IPAddressVO.java | 6 +- .../cloud/network/LoadBalancerVMMapVO.java | 16 +- .../src/com/cloud/network/LoadBalancerVO.java | 125 +- .../src/com/cloud/network/NetworkManager.java | 29 +- .../com/cloud/network/NetworkManagerImpl.java | 2004 +++-------------- .../configuration/GuestNetworkGuru.java | 9 +- .../cloud/network/dao/FirewallRulesDao.java | 69 +- .../network/dao/FirewallRulesDaoImpl.java | 823 +++---- .../network/dao/LoadBalancerDaoImpl.java | 6 +- .../network/dao/LoadBalancerVMMapDao.java | 4 +- .../network/element/DomainRouterElement.java | 20 +- .../network/lb/LoadBalancingRulesManager.java | 10 +- .../lb/LoadBalancingRulesManagerImpl.java | 1194 ++++++++++ .../router/DomainRouterManagerImpl.java | 143 +- .../cloud/network/rules/FirewallRuleVO.java | 170 ++ .../network/rules/PortForwardingRuleVO.java | 76 + .../com/cloud/network/rules/RulesManager.java | 132 +- .../cloud/network/rules/RulesManagerImpl.java | 1244 ++++++++-- .../rules/dao/PortForwardingRuleDaoImpl.java | 57 + .../rules/dao/PortForwardingRulesDao.java | 28 + .../com/cloud/server/ManagementServer.java | 12 - .../cloud/server/ManagementServerImpl.java | 650 ++---- .../src/com/cloud/vm/UserVmManagerImpl.java | 470 ++-- setup/db/create-index-fk.sql | 2 - setup/db/create-schema.sql | 65 +- .../utils/component/ComponentLibrary.java | 23 + .../utils/component/ComponentLocator.java | 12 + utils/src/com/cloud/utils/db/GenericDao.java | 5 + .../com/cloud/utils/db/GenericDaoBase.java | 37 +- .../cloud/utils/db/GenericSearchBuilder.java | 14 +- .../src/com/cloud/utils/db/SqlGenerator.java | 12 + .../src/com/cloud/utils/db/UpdateBuilder.java | 2 +- utils/src/com/cloud/utils/net/Ip.java | 78 + utils/src/com/cloud/utils/net/NetUtils.java | 128 +- 77 files changed, 5389 insertions(+), 4234 deletions(-) create mode 100644 api/src/com/cloud/agent/api/routing/RoutingCommand.java create mode 100644 api/src/com/cloud/agent/api/routing/SetFirewallRulesAnswer.java create mode 100644 api/src/com/cloud/agent/api/routing/SetFirewallRulesCommand.java create mode 100644 api/src/com/cloud/agent/api/routing/SetPortForwardingRulesAnswer.java create mode 100644 api/src/com/cloud/agent/api/routing/SetPortForwardingRulesCommand.java create mode 100644 api/src/com/cloud/agent/api/to/FirewallRuleTO.java create mode 100644 api/src/com/cloud/agent/api/to/PortForwardingRuleTO.java create mode 100644 api/src/com/cloud/network/lb/LoadBalancingRulesService.java rename api/src/com/cloud/network/{ => rules}/LoadBalancer.java (67%) create mode 100644 api/src/com/cloud/network/rules/PortForwardingRule.java create mode 100644 api/src/com/cloud/network/rules/RulesService.java delete mode 100755 core/src/com/cloud/agent/api/routing/SetFirewallRuleCommand.java delete mode 100644 core/src/com/cloud/network/FirewallRuleVO.java delete mode 100644 server/src/com/cloud/async/executor/UpdateLoadBalancerRuleExecutor.java delete mode 100644 server/src/com/cloud/async/executor/UpdatePortForwardingRuleExecutor.java rename core/src/com/cloud/agent/api/routing/RoutingCommand.java => server/src/com/cloud/network/lb/LoadBalancingRulesManager.java (80%) create mode 100644 server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java create mode 100644 server/src/com/cloud/network/rules/FirewallRuleVO.java create mode 100644 server/src/com/cloud/network/rules/PortForwardingRuleVO.java create mode 100644 server/src/com/cloud/network/rules/dao/PortForwardingRuleDaoImpl.java create mode 100644 server/src/com/cloud/network/rules/dao/PortForwardingRulesDao.java create mode 100644 utils/src/com/cloud/utils/net/Ip.java diff --git a/api/src/com/cloud/agent/api/routing/RoutingCommand.java b/api/src/com/cloud/agent/api/routing/RoutingCommand.java new file mode 100644 index 00000000000..37c94f1de7c --- /dev/null +++ b/api/src/com/cloud/agent/api/routing/RoutingCommand.java @@ -0,0 +1,44 @@ +/** + * Copyright (C) 2010 Cloud.com, Inc. All rights reserved. + * + * This software is licensed under the GNU General Public License v3 or later. + * + * It is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or any later version. + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + */ +package com.cloud.agent.api.routing; + +import java.util.HashMap; + +import com.cloud.agent.api.Command; + +public abstract class RoutingCommand extends Command { + HashMap accessDetails = new HashMap(0); + + protected RoutingCommand() { + super(); + } + + public void setAccessDetail(String name, String value) { + accessDetails.put(name, value); + } + + public String getAccessDetail(String name) { + return accessDetails.get(name); + } + + @Override + public boolean executeInSequence() { + return false; + } + +} diff --git a/api/src/com/cloud/agent/api/routing/SetFirewallRulesAnswer.java b/api/src/com/cloud/agent/api/routing/SetFirewallRulesAnswer.java new file mode 100644 index 00000000000..701b5f5aeb8 --- /dev/null +++ b/api/src/com/cloud/agent/api/routing/SetFirewallRulesAnswer.java @@ -0,0 +1,38 @@ +/** + * Copyright (C) 2010 Cloud.com, Inc. All rights reserved. + * + * This software is licensed under the GNU General Public License v3 or later. + * + * It is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or any later version. + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + */ +package com.cloud.agent.api.routing; + +import com.cloud.agent.api.Answer; + +public class SetFirewallRulesAnswer extends Answer { + String[] results; + + protected SetFirewallRulesAnswer() { + } + + public SetFirewallRulesAnswer(SetFirewallRulesCommand cmd, String[] results) { + super(cmd, true, null); + + assert (cmd.getRules().length == results.length) : "rules and their results should be the same length don't you think?"; + this.results = results; + } + + public String[] getResults() { + return results; + } +} diff --git a/api/src/com/cloud/agent/api/routing/SetFirewallRulesCommand.java b/api/src/com/cloud/agent/api/routing/SetFirewallRulesCommand.java new file mode 100644 index 00000000000..56d5c1d1a81 --- /dev/null +++ b/api/src/com/cloud/agent/api/routing/SetFirewallRulesCommand.java @@ -0,0 +1,43 @@ +/** + * Copyright (C) 2010 Cloud.com, Inc. All rights reserved. + * + * This software is licensed under the GNU General Public License v3 or later. + * + * It is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or any later version. + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + */ +package com.cloud.agent.api.routing; + +import java.util.List; + +import com.cloud.agent.api.to.FirewallRuleTO; + +/** + * SetFirewallRulesCommand is the transport for firewall rules. + * + * AccessDetails allow different components to put in information about + * how to access the components inside the command. + */ +public class SetFirewallRulesCommand extends RoutingCommand { + FirewallRuleTO[] rules; + + protected SetFirewallRulesCommand() { + } + + public SetFirewallRulesCommand(List rules) { + this.rules = rules.toArray(new FirewallRuleTO[rules.size()]); + } + + public FirewallRuleTO[] getRules() { + return rules; + } +} diff --git a/api/src/com/cloud/agent/api/routing/SetPortForwardingRulesAnswer.java b/api/src/com/cloud/agent/api/routing/SetPortForwardingRulesAnswer.java new file mode 100644 index 00000000000..b24d077a540 --- /dev/null +++ b/api/src/com/cloud/agent/api/routing/SetPortForwardingRulesAnswer.java @@ -0,0 +1,38 @@ +/** + * Copyright (C) 2010 Cloud.com, Inc. All rights reserved. + * + * This software is licensed under the GNU General Public License v3 or later. + * + * It is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or any later version. + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + */ +package com.cloud.agent.api.routing; + +import com.cloud.agent.api.Answer; + +public class SetPortForwardingRulesAnswer extends Answer { + String[] results; + protected SetPortForwardingRulesAnswer() { + super(); + } + + public SetPortForwardingRulesAnswer(SetPortForwardingRulesCommand cmd, String[] results) { + super(cmd, true, null); + + assert(cmd.getRules().length == results.length) : "Shouldn't the results match the commands?"; + this.results = results; + } + + String[] getResults() { + return results; + } +} diff --git a/api/src/com/cloud/agent/api/routing/SetPortForwardingRulesCommand.java b/api/src/com/cloud/agent/api/routing/SetPortForwardingRulesCommand.java new file mode 100644 index 00000000000..17b9f11c74b --- /dev/null +++ b/api/src/com/cloud/agent/api/routing/SetPortForwardingRulesCommand.java @@ -0,0 +1,37 @@ +/** + * Copyright (C) 2010 Cloud.com, Inc. All rights reserved. + * + * This software is licensed under the GNU General Public License v3 or later. + * + * It is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or any later version. + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + */ +package com.cloud.agent.api.routing; + +import java.util.List; + +import com.cloud.agent.api.to.PortForwardingRuleTO; + +public class SetPortForwardingRulesCommand extends RoutingCommand { + PortForwardingRuleTO[] rules; + + protected SetPortForwardingRulesCommand() { + } + + public SetPortForwardingRulesCommand(List rules) { + this.rules = rules.toArray(new PortForwardingRuleTO[rules.size()]); + } + + public PortForwardingRuleTO[] getRules() { + return rules; + } +} diff --git a/api/src/com/cloud/agent/api/to/FirewallRuleTO.java b/api/src/com/cloud/agent/api/to/FirewallRuleTO.java new file mode 100644 index 00000000000..e26be6afb0f --- /dev/null +++ b/api/src/com/cloud/agent/api/to/FirewallRuleTO.java @@ -0,0 +1,56 @@ +/** + * Copyright (C) 2010 Cloud.com, Inc. All rights reserved. + * + * This software is licensed under the GNU General Public License v3 or later. + * + * It is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or any later version. + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + */ +package com.cloud.agent.api.to; + +public class FirewallRuleTO { + String srcIp; + String protocol; + int[] srcPortRange; + boolean revoked; + String vlanNetmask; // FIXME: Get rid of this! + + protected FirewallRuleTO() { + } + + public FirewallRuleTO(String srcIp, String protocol, int srcPortStart, int srcPortEnd, boolean revoked) { + this.srcIp = srcIp; + this.protocol = protocol; + this.srcPortRange = new int[] {srcPortStart, srcPortEnd}; + this.revoked = revoked; + } + + public String getSrcIp() { + return srcIp; + } + + public String getProtocol() { + return protocol; + } + + public int[] getSrcPortRange() { + return srcPortRange; + } + + public boolean revoked() { + return revoked; + } + + public String getVlanNetmask() { + return vlanNetmask; + } +} diff --git a/api/src/com/cloud/agent/api/to/PortForwardingRuleTO.java b/api/src/com/cloud/agent/api/to/PortForwardingRuleTO.java new file mode 100644 index 00000000000..6ca81d84844 --- /dev/null +++ b/api/src/com/cloud/agent/api/to/PortForwardingRuleTO.java @@ -0,0 +1,41 @@ +/** + * Copyright (C) 2010 Cloud.com, Inc. All rights reserved. + * + * This software is licensed under the GNU General Public License v3 or later. + * + * It is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or any later version. + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + */ +package com.cloud.agent.api.to; + +public class PortForwardingRuleTO extends FirewallRuleTO { + String dstIp; + int[] dstPortRange; + + protected PortForwardingRuleTO() { + super(); + } + + public PortForwardingRuleTO(String srcIp, int srcPortStart, int srcPortEnd, String dstIp, int dstPortStart, int dstPortEnd, String protocol, boolean revoked) { + super(srcIp, protocol, srcPortStart, srcPortEnd, revoked); + this.dstIp = dstIp; + this.dstPortRange = new int[] { dstPortStart, dstPortEnd }; + } + + public String getDstIp() { + return dstIp; + } + + public int[] getDstPortRange() { + return dstPortRange; + } +} diff --git a/api/src/com/cloud/api/BaseCmd.java b/api/src/com/cloud/api/BaseCmd.java index ae103291e6d..15c9bd62ed8 100755 --- a/api/src/com/cloud/api/BaseCmd.java +++ b/api/src/com/cloud/api/BaseCmd.java @@ -35,6 +35,8 @@ import com.cloud.exception.InsufficientCapacityException; import com.cloud.exception.ResourceUnavailableException; import com.cloud.network.DomainRouterService; import com.cloud.network.NetworkService; +import com.cloud.network.lb.LoadBalancingRulesService; +import com.cloud.network.rules.RulesService; import com.cloud.network.security.NetworkGroupService; import com.cloud.resource.ResourceService; import com.cloud.server.ManagementService; @@ -76,7 +78,6 @@ public abstract class BaseCmd { public static final int RESOURCE_IN_USE_ERROR = 536; public static final int NETWORK_RULE_CONFLICT_ERROR = 537; - public static final DateFormat INPUT_FORMAT = new SimpleDateFormat("yyyy-MM-dd"); private static final DateFormat _outputFormat = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ssZ"); @@ -100,9 +101,11 @@ public abstract class BaseCmd { public static DomainRouterService _routerService; public static ResponseGenerator _responseGenerator; public static EntityManager _entityMgr; + public static RulesService _rulesService; + public static LoadBalancingRulesService _lbService; - static void setComponents(ResponseGenerator generator){ + static void setComponents(ResponseGenerator generator) { ComponentLocator locator = ComponentLocator.getLocator(ManagementService.Name); _mgr = (ManagementService)ComponentLocator.getComponent(ManagementService.Name); _accountService = locator.getManager(AccountService.class); @@ -117,6 +120,8 @@ public abstract class BaseCmd { _consoleProxyMgr = locator.getManager(ConsoleProxyService.class); _routerService = locator.getManager(DomainRouterService.class); _entityMgr = locator.getManager(EntityManager.class); + _rulesService = locator.getManager(RulesService.class); + _lbService = locator.getManager(LoadBalancingRulesService.class); _responseGenerator = generator; } @@ -366,7 +371,9 @@ public abstract class BaseCmd { Object tagValue = tagData.second(); if (tagValue instanceof Object[]) { Object[] subObjects = (Object[])tagValue; - if (subObjects.length < 1) continue; + if (subObjects.length < 1) { + continue; + } writeObjectArray(responseType, suffixSb, i++, tagName, subObjects); } else { writeNameValuePair(suffixSb, tagName, tagValue, responseType, i++); @@ -395,7 +402,9 @@ public abstract class BaseCmd { if (tagValue instanceof Object[]) { Object[] subObjects = (Object[])tagValue; - if (subObjects.length < 1) return; + if (subObjects.length < 1) { + return; + } writeObjectArray(responseType, sb, propertyCount, tagName, subObjects); } else { if (RESPONSE_TYPE_JSON.equalsIgnoreCase(responseType)) { @@ -461,24 +470,26 @@ public abstract class BaseCmd { return xml; } int iLen = xml.length(); - if (iLen == 0) - return xml; + if (iLen == 0) { + return xml; + } StringBuffer sOUT = new StringBuffer(iLen + 256); int i = 0; for (; i < iLen; i++) { char c = xml.charAt(i); - if (c == '<') - sOUT.append("<"); - else if (c == '>') - sOUT.append(">"); - else if (c == '&') - sOUT.append("&"); - else if (c == '"') - sOUT.append("""); - else if (c == '\'') - sOUT.append("'"); - else - sOUT.append(c); + if (c == '<') { + sOUT.append("<"); + } else if (c == '>') { + sOUT.append(">"); + } else if (c == '&') { + sOUT.append("&"); + } else if (c == '"') { + sOUT.append("""); + } else if (c == '\'') { + sOUT.append("'"); + } else { + sOUT.append(c); + } } return sOUT.toString(); } diff --git a/api/src/com/cloud/api/ResponseGenerator.java b/api/src/com/cloud/api/ResponseGenerator.java index 75dad3250e8..6f2f6ad2ef7 100644 --- a/api/src/com/cloud/api/ResponseGenerator.java +++ b/api/src/com/cloud/api/ResponseGenerator.java @@ -70,12 +70,12 @@ import com.cloud.domain.Domain; import com.cloud.event.Event; import com.cloud.host.Host; import com.cloud.network.IpAddress; -import com.cloud.network.LoadBalancer; import com.cloud.network.Network; import com.cloud.network.RemoteAccessVpn; import com.cloud.network.VpnUser; import com.cloud.network.router.VirtualRouter; -import com.cloud.network.rules.FirewallRule; +import com.cloud.network.rules.LoadBalancer; +import com.cloud.network.rules.PortForwardingRule; import com.cloud.network.security.IngressRule; import com.cloud.network.security.NetworkGroup; import com.cloud.network.security.NetworkGroupRules; @@ -142,9 +142,9 @@ public interface ResponseGenerator { ClusterResponse createClusterResponse(Cluster cluster); - FirewallRuleResponse createFirewallRuleResponse(FirewallRule fwRule); + FirewallRuleResponse createFirewallRuleResponse(PortForwardingRule fwRule); - IpForwardingRuleResponse createIpForwardingRuleResponse(FirewallRule fwRule); + IpForwardingRuleResponse createIpForwardingRuleResponse(PortForwardingRule fwRule); UserVmResponse createUserVm2Response(UserVm userVm); diff --git a/api/src/com/cloud/api/commands/AssignToLoadBalancerRuleCmd.java b/api/src/com/cloud/api/commands/AssignToLoadBalancerRuleCmd.java index 4bc5494b85c..405cda1d635 100644 --- a/api/src/com/cloud/api/commands/AssignToLoadBalancerRuleCmd.java +++ b/api/src/com/cloud/api/commands/AssignToLoadBalancerRuleCmd.java @@ -17,6 +17,7 @@ */ package com.cloud.api.commands; +import java.util.ArrayList; import java.util.List; import org.apache.log4j.Logger; @@ -29,8 +30,8 @@ import com.cloud.api.Parameter; import com.cloud.api.ServerApiException; import com.cloud.api.response.SuccessResponse; import com.cloud.event.EventTypes; -import com.cloud.exception.NetworkRuleConflictException; -import com.cloud.network.LoadBalancer; +import com.cloud.exception.InvalidParameterValueException; +import com.cloud.network.rules.LoadBalancer; import com.cloud.user.Account; @Implementation(description="Assigns virtual machine or a list of virtual machines to a load balancer rule.", responseObject=SuccessResponse.class) @@ -98,16 +99,22 @@ public class AssignToLoadBalancerRuleCmd extends BaseAsyncCmd { @Override public void execute(){ - try { - boolean result = _networkService.assignToLoadBalancer(this); - if (result) { - SuccessResponse response = new SuccessResponse(getName()); - this.setResponseObject(response); - } else { - throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to assign load balancer rule"); - } - } catch (NetworkRuleConflictException ex) { - throw new ServerApiException(BaseCmd.NETWORK_RULE_CONFLICT_ERROR, ex.getMessage()); + if (virtualMachineIds == null && virtualMachineId == null) { + throw new InvalidParameterValueException("Must specify virtual machine id"); + } + if (virtualMachineIds == null) { + virtualMachineIds = new ArrayList(); + } + + if (virtualMachineId != null) { + virtualMachineIds.add(virtualMachineId); + } + boolean result = _lbService.assignToLoadBalancer(getLoadBalancerId(), virtualMachineIds); + if (result) { + SuccessResponse response = new SuccessResponse(getName()); + this.setResponseObject(response); + } else { + throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to assign load balancer rule"); } } } diff --git a/api/src/com/cloud/api/commands/CreateIpForwardingRuleCmd.java b/api/src/com/cloud/api/commands/CreateIpForwardingRuleCmd.java index bbff4bf0343..b6af0dbeef6 100644 --- a/api/src/com/cloud/api/commands/CreateIpForwardingRuleCmd.java +++ b/api/src/com/cloud/api/commands/CreateIpForwardingRuleCmd.java @@ -28,7 +28,7 @@ import com.cloud.api.Parameter; import com.cloud.api.ServerApiException; import com.cloud.api.response.FirewallRuleResponse; import com.cloud.event.EventTypes; -import com.cloud.network.rules.FirewallRule; +import com.cloud.network.rules.PortForwardingRule; import com.cloud.user.Account; @Implementation(description="Creates an ip forwarding rule", responseObject=FirewallRuleResponse.class) @@ -72,7 +72,7 @@ public class CreateIpForwardingRuleCmd extends BaseAsyncCreateCmd { @Override public void execute(){ - FirewallRule result = _networkService.createIpForwardingRuleOnDomr(this.getId()); + PortForwardingRule result = _rulesService.createIpForwardingRuleOnDomr(this.getId()); if (result != null) { FirewallRuleResponse fwResponse = _responseGenerator.createFirewallRuleResponse(result); fwResponse.setResponseName(getName()); @@ -85,7 +85,7 @@ public class CreateIpForwardingRuleCmd extends BaseAsyncCreateCmd { @Override public void callCreate(){ - FirewallRule rule = _networkService.createIpForwardingRuleInDb(ipAddress,virtualMachineId); + PortForwardingRule rule = _rulesService.createIpForwardingRuleInDb(ipAddress,virtualMachineId); if (rule != null){ this.setId(rule.getId()); } else { diff --git a/api/src/com/cloud/api/commands/CreateLoadBalancerRuleCmd.java b/api/src/com/cloud/api/commands/CreateLoadBalancerRuleCmd.java index 61c585fb1f4..65a5cd3c93a 100644 --- a/api/src/com/cloud/api/commands/CreateLoadBalancerRuleCmd.java +++ b/api/src/com/cloud/api/commands/CreateLoadBalancerRuleCmd.java @@ -18,6 +18,8 @@ package com.cloud.api.commands; +import java.util.List; + import org.apache.log4j.Logger; import com.cloud.api.ApiConstants; @@ -26,10 +28,13 @@ import com.cloud.api.Implementation; import com.cloud.api.Parameter; import com.cloud.api.ServerApiException; import com.cloud.api.response.LoadBalancerResponse; -import com.cloud.network.LoadBalancer; +import com.cloud.exception.NetworkRuleConflictException; +import com.cloud.network.rules.LoadBalancer; +import com.cloud.utils.net.Ip; +import com.cloud.utils.net.NetUtils; @Implementation(description="Creates a load balancer rule", responseObject=LoadBalancerResponse.class) -public class CreateLoadBalancerRuleCmd extends BaseCmd { +public class CreateLoadBalancerRuleCmd extends BaseCmd implements LoadBalancer { public static final Logger s_logger = Logger.getLogger(CreateLoadBalancerRuleCmd.class.getName()); private static final String s_name = "createloadbalancerruleresponse"; @@ -61,10 +66,12 @@ public class CreateLoadBalancerRuleCmd extends BaseCmd { /////////////////// Accessors /////////////////////// ///////////////////////////////////////////////////// + @Override public String getAlgorithm() { return algorithm; } + @Override public String getDescription() { return description; } @@ -96,14 +103,86 @@ public class CreateLoadBalancerRuleCmd extends BaseCmd { } @Override - public void execute(){ - LoadBalancer result = _networkService.createLoadBalancerRule(this); - if (result != null) { - LoadBalancerResponse response = _responseGenerator.createLoadBalancerResponse(result); - response.setResponseName(getName()); - this.setResponseObject(response); - } else { - throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to create load balancer rule"); + public void execute() { + LoadBalancer result = null; + try { + result = _lbService.createLoadBalancerRule(this); + } catch (NetworkRuleConflictException e) { + throw new ServerApiException(BaseCmd.NETWORK_RULE_CONFLICT_ERROR, e.getMessage()); } + LoadBalancerResponse response = _responseGenerator.createLoadBalancerResponse(result); + response.setResponseName(getName()); + this.setResponseObject(response); + } + + @Override + public long getId() { + throw new UnsupportedOperationException("not supported"); + } + + @Override + public String getXid() { + // FIXME: Should fix this. + return null; + } + + @Override + public Ip getSourceIpAddress() { + return new Ip(publicIp); + } + + @Override + public int getSourcePortStart() { + return Integer.parseInt(publicPort); + } + + @Override + public int getSourcePortEnd() { + return Integer.parseInt(publicPort); + } + + @Override + public String getProtocol() { + return NetUtils.TCP_PROTO; + } + + @Override + public Purpose getPurpose() { + return Purpose.LoadBalancing; + } + + @Override + public State getState() { + throw new UnsupportedOperationException("not supported"); + } + + @Override + public long getNetworkId() { + return -1; + } + + @Override + public long getAccountId() { + throw new UnsupportedOperationException("not supported"); + } + + @Override + public long getDomainId() { + throw new UnsupportedOperationException("not supported"); + } + + @Override + public int getDefaultPortStart() { + return Integer.parseInt(privatePort); + } + + @Override + public int getDefaultPortEnd() { + return Integer.parseInt(privatePort); + } + + @Override + public List getDestinations() { + throw new UnsupportedOperationException("not supported"); } } diff --git a/api/src/com/cloud/api/commands/CreatePortForwardingRuleCmd.java b/api/src/com/cloud/api/commands/CreatePortForwardingRuleCmd.java index aa58fd14a7b..dca0fbf816e 100644 --- a/api/src/com/cloud/api/commands/CreatePortForwardingRuleCmd.java +++ b/api/src/com/cloud/api/commands/CreatePortForwardingRuleCmd.java @@ -27,10 +27,13 @@ import com.cloud.api.Parameter; import com.cloud.api.ServerApiException; import com.cloud.api.response.FirewallRuleResponse; import com.cloud.exception.NetworkRuleConflictException; -import com.cloud.network.rules.FirewallRule; +import com.cloud.exception.ResourceUnavailableException; +import com.cloud.network.rules.PortForwardingRule; +import com.cloud.user.UserContext; +import com.cloud.utils.net.Ip; @Implementation(description="Creates a port forwarding rule", responseObject=FirewallRuleResponse.class) -public class CreatePortForwardingRuleCmd extends BaseCmd { +public class CreatePortForwardingRuleCmd extends BaseCmd implements PortForwardingRule { public static final Logger s_logger = Logger.getLogger(CreatePortForwardingRuleCmd.class.getName()); private static final String s_name = "createportforwardingruleresponse"; @@ -67,6 +70,7 @@ public class CreatePortForwardingRuleCmd extends BaseCmd { return privatePort; } + @Override public String getProtocol() { return protocol; } @@ -90,19 +94,93 @@ public class CreatePortForwardingRuleCmd extends BaseCmd { } @Override - public void execute(){ + public void execute() throws ResourceUnavailableException { try { - FirewallRule result = _networkService.createPortForwardingRule(this); - if (result != null) { - FirewallRuleResponse fwResponse = _responseGenerator.createFirewallRuleResponse(result); - fwResponse.setResponseName(getName()); - this.setResponseObject(fwResponse); - } else { + UserContext callerContext = UserContext.current(); + + PortForwardingRule result = _rulesService.createPortForwardingRule(this, virtualMachineId, callerContext.getAccount()); + if (result == null) { throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "An existing rule for ipAddress / port / protocol of " + ipAddress + " / " + publicPort + " / " + protocol + " exits."); } + boolean success = false; + try { + success = _rulesService.applyPortForwardingRules(result.getSourceIpAddress(), callerContext.getAccount()); + } finally { + if (!success) { + _rulesService.revokePortForwardingRule(result.getId(), true, callerContext.getAccount()); + } + } + FirewallRuleResponse fwResponse = _responseGenerator.createFirewallRuleResponse(result); + fwResponse.setResponseName(getName()); + setResponseObject(fwResponse); } catch (NetworkRuleConflictException ex) { throw new ServerApiException(BaseCmd.NETWORK_RULE_CONFLICT_ERROR, ex.getMessage()); } } + @Override + public long getId() { + throw new UnsupportedOperationException("database id can only provided by VO objects"); + } + + @Override + public String getXid() { + // FIXME: We should allow for end user to specify Xid. + return null; + } + + @Override + public Ip getSourceIpAddress() { + return new Ip(ipAddress); + } + + @Override + public int getSourcePortStart() { + return Integer.parseInt(publicPort); + } + + @Override + public int getSourcePortEnd() { + return Integer.parseInt(publicPort); + } + + @Override + public Purpose getPurpose() { + return Purpose.PortForwarding; + } + + @Override + public State getState() { + throw new UnsupportedOperationException("Should never call me to find the state"); + } + + @Override + public long getNetworkId() { + throw new UnsupportedOperationException("Not yet implemented"); + } + + @Override + public long getAccountId() { + throw new UnsupportedOperationException("Get the account id from network"); + } + + @Override + public long getDomainId() { + throw new UnsupportedOperationException("Get the domain id from network"); + } + + @Override + public Ip getDestinationIpAddress() { + throw new UnsupportedOperationException("Not implemented yet"); + } + + @Override + public int getDestinationPortStart() { + return Integer.parseInt(privatePort); + } + + @Override + public int getDestinationPortEnd() { + return Integer.parseInt(privatePort); + } } diff --git a/api/src/com/cloud/api/commands/DeleteIpForwardingRuleCmd.java b/api/src/com/cloud/api/commands/DeleteIpForwardingRuleCmd.java index 916c78151ab..2c62fc0a9f5 100644 --- a/api/src/com/cloud/api/commands/DeleteIpForwardingRuleCmd.java +++ b/api/src/com/cloud/api/commands/DeleteIpForwardingRuleCmd.java @@ -63,7 +63,7 @@ public class DeleteIpForwardingRuleCmd extends BaseAsyncCmd { @Override public void execute(){ boolean result = false; - result = _networkService.deleteIpForwardingRule(id); + result = _rulesService.deleteIpForwardingRule(id); if (result) { SuccessResponse response = new SuccessResponse(getName()); this.setResponseObject(response); diff --git a/api/src/com/cloud/api/commands/DeleteLoadBalancerRuleCmd.java b/api/src/com/cloud/api/commands/DeleteLoadBalancerRuleCmd.java index 9bb6255d167..356e9c0398b 100644 --- a/api/src/com/cloud/api/commands/DeleteLoadBalancerRuleCmd.java +++ b/api/src/com/cloud/api/commands/DeleteLoadBalancerRuleCmd.java @@ -27,7 +27,7 @@ import com.cloud.api.Parameter; import com.cloud.api.ServerApiException; import com.cloud.api.response.SuccessResponse; import com.cloud.event.EventTypes; -import com.cloud.network.LoadBalancer; +import com.cloud.network.rules.LoadBalancer; import com.cloud.user.Account; @Implementation(description="Deletes a load balancer rule.", responseObject=SuccessResponse.class) @@ -81,7 +81,7 @@ public class DeleteLoadBalancerRuleCmd extends BaseAsyncCmd { @Override public void execute(){ - boolean result = _networkService.deleteLoadBalancerRule(this); + boolean result = _lbService.deleteLoadBalancerRule(id, true); if (result) { SuccessResponse response = new SuccessResponse(getName()); this.setResponseObject(response); diff --git a/api/src/com/cloud/api/commands/DeletePortForwardingRuleCmd.java b/api/src/com/cloud/api/commands/DeletePortForwardingRuleCmd.java index 230902236b6..a29628c2864 100644 --- a/api/src/com/cloud/api/commands/DeletePortForwardingRuleCmd.java +++ b/api/src/com/cloud/api/commands/DeletePortForwardingRuleCmd.java @@ -25,6 +25,9 @@ import com.cloud.api.Implementation; import com.cloud.api.Parameter; import com.cloud.api.ServerApiException; import com.cloud.api.response.SuccessResponse; +import com.cloud.exception.ResourceUnavailableException; +import com.cloud.network.rules.PortForwardingRule; +import com.cloud.user.UserContext; @Implementation(description="Deletes a port forwarding rule", responseObject=SuccessResponse.class) public class DeletePortForwardingRuleCmd extends BaseCmd { @@ -57,9 +60,9 @@ public class DeletePortForwardingRuleCmd extends BaseCmd { } @Override - public void execute(){ - boolean result = _networkService.deletePortForwardingRule(id,false); - if (result) { + public void execute() throws ResourceUnavailableException { + PortForwardingRule result = _rulesService.revokePortForwardingRule(id, true, UserContext.current().getAccount()); + if (result != null) { SuccessResponse response = new SuccessResponse(getName()); this.setResponseObject(response); } else { diff --git a/api/src/com/cloud/api/commands/ListIpForwardingRulesCmd.java b/api/src/com/cloud/api/commands/ListIpForwardingRulesCmd.java index a371a48c822..7554c8b28fb 100644 --- a/api/src/com/cloud/api/commands/ListIpForwardingRulesCmd.java +++ b/api/src/com/cloud/api/commands/ListIpForwardingRulesCmd.java @@ -30,7 +30,7 @@ import com.cloud.api.BaseCmd.CommandType; import com.cloud.api.response.FirewallRuleResponse; import com.cloud.api.response.IpForwardingRuleResponse; import com.cloud.api.response.ListResponse; -import com.cloud.network.rules.FirewallRule; +import com.cloud.network.rules.PortForwardingRule; @Implementation(description="List the ip forwarding rules", responseObject=FirewallRuleResponse.class) public class ListIpForwardingRulesCmd extends BaseListCmd { @@ -82,10 +82,10 @@ public class ListIpForwardingRulesCmd extends BaseListCmd { @Override public void execute(){ - List result = _mgr.searchForIpForwardingRules(this); + List result = _rulesService.searchForIpForwardingRules(this); ListResponse response = new ListResponse(); List ipForwardingResponses = new ArrayList(); - for (FirewallRule rule : result) { + for (PortForwardingRule rule : result) { IpForwardingRuleResponse resp = _responseGenerator.createIpForwardingRuleResponse(rule); if (resp != null) { ipForwardingResponses.add(resp); diff --git a/api/src/com/cloud/api/commands/ListLoadBalancerRuleInstancesCmd.java b/api/src/com/cloud/api/commands/ListLoadBalancerRuleInstancesCmd.java index d8a467d90ac..d7b8563b876 100644 --- a/api/src/com/cloud/api/commands/ListLoadBalancerRuleInstancesCmd.java +++ b/api/src/com/cloud/api/commands/ListLoadBalancerRuleInstancesCmd.java @@ -69,7 +69,7 @@ public class ListLoadBalancerRuleInstancesCmd extends BaseListCmd { @Override public void execute(){ - List result = _mgr.listLoadBalancerInstances(this); + List result = _lbService.listLoadBalancerInstances(this); ListResponse response = new ListResponse(); List vmResponses = new ArrayList(); for (UserVm instance : result) { diff --git a/api/src/com/cloud/api/commands/ListLoadBalancerRulesCmd.java b/api/src/com/cloud/api/commands/ListLoadBalancerRulesCmd.java index 37b12409fc8..2ac47421894 100644 --- a/api/src/com/cloud/api/commands/ListLoadBalancerRulesCmd.java +++ b/api/src/com/cloud/api/commands/ListLoadBalancerRulesCmd.java @@ -29,7 +29,7 @@ import com.cloud.api.Implementation; import com.cloud.api.Parameter; import com.cloud.api.response.ListResponse; import com.cloud.api.response.LoadBalancerResponse; -import com.cloud.network.LoadBalancer; +import com.cloud.network.rules.LoadBalancer; @Implementation(description="Lists load balancer rules.", responseObject=LoadBalancerResponse.class) public class ListLoadBalancerRulesCmd extends BaseListCmd { @@ -98,7 +98,7 @@ public class ListLoadBalancerRulesCmd extends BaseListCmd { @Override public void execute(){ - List loadBalancers = _mgr.searchForLoadBalancers(this); + List loadBalancers = _lbService.searchForLoadBalancers(this); ListResponse response = new ListResponse(); List lbResponses = new ArrayList(); for (LoadBalancer loadBalancer : loadBalancers) { diff --git a/api/src/com/cloud/api/commands/ListPortForwardingRulesCmd.java b/api/src/com/cloud/api/commands/ListPortForwardingRulesCmd.java index 558871cdf89..230f9c67f4d 100644 --- a/api/src/com/cloud/api/commands/ListPortForwardingRulesCmd.java +++ b/api/src/com/cloud/api/commands/ListPortForwardingRulesCmd.java @@ -28,7 +28,7 @@ import com.cloud.api.Implementation; import com.cloud.api.Parameter; import com.cloud.api.response.FirewallRuleResponse; import com.cloud.api.response.ListResponse; -import com.cloud.network.rules.FirewallRule; +import com.cloud.network.rules.PortForwardingRule; @Implementation(description="Lists all port forwarding rules for an IP address.", responseObject=FirewallRuleResponse.class) public class ListPortForwardingRulesCmd extends BaseListCmd { @@ -62,11 +62,11 @@ public class ListPortForwardingRulesCmd extends BaseListCmd { @Override public void execute(){ - List result = _networkService.listPortForwardingRules(this); + List result = _rulesService.listPortForwardingRules(this); ListResponse response = new ListResponse(); List fwResponses = new ArrayList(); - for (FirewallRule fwRule : result) { + for (PortForwardingRule fwRule : result) { FirewallRuleResponse ruleData = _responseGenerator.createFirewallRuleResponse(fwRule); ruleData.setObjectName("portforwardingrule"); fwResponses.add(ruleData); diff --git a/api/src/com/cloud/api/commands/RemoveFromLoadBalancerRuleCmd.java b/api/src/com/cloud/api/commands/RemoveFromLoadBalancerRuleCmd.java index b5ab094b8ca..5c08fc4ba8a 100644 --- a/api/src/com/cloud/api/commands/RemoveFromLoadBalancerRuleCmd.java +++ b/api/src/com/cloud/api/commands/RemoveFromLoadBalancerRuleCmd.java @@ -30,7 +30,8 @@ import com.cloud.api.Parameter; import com.cloud.api.ServerApiException; import com.cloud.api.response.SuccessResponse; import com.cloud.event.EventTypes; -import com.cloud.network.LoadBalancer; +import com.cloud.exception.InvalidParameterValueException; +import com.cloud.network.rules.LoadBalancer; import com.cloud.user.Account; import com.cloud.utils.StringUtils; @@ -105,7 +106,18 @@ public class RemoveFromLoadBalancerRuleCmd extends BaseAsyncCmd { @Override public void execute(){ - boolean result = _networkService.removeFromLoadBalancer(this); + if (virtualMachineIds == null && virtualMachineId == null) { + throw new InvalidParameterValueException("Must specify virtual machine id"); + } + if (virtualMachineIds == null) { + virtualMachineIds = new ArrayList(); + } + + if (virtualMachineId != null) { + virtualMachineIds.add(virtualMachineId); + } + + boolean result = _lbService.removeFromLoadBalancer(id, virtualMachineIds); if (result) { SuccessResponse response = new SuccessResponse(getName()); this.setResponseObject(response); diff --git a/api/src/com/cloud/api/commands/UpdateLoadBalancerRuleCmd.java b/api/src/com/cloud/api/commands/UpdateLoadBalancerRuleCmd.java index 35c0b3c4799..4481fcfb37f 100644 --- a/api/src/com/cloud/api/commands/UpdateLoadBalancerRuleCmd.java +++ b/api/src/com/cloud/api/commands/UpdateLoadBalancerRuleCmd.java @@ -27,7 +27,7 @@ import com.cloud.api.Parameter; import com.cloud.api.ServerApiException; import com.cloud.api.response.LoadBalancerResponse; import com.cloud.event.EventTypes; -import com.cloud.network.LoadBalancer; +import com.cloud.network.rules.LoadBalancer; import com.cloud.user.Account; @Implementation(description="Updates load balancer", responseObject=LoadBalancerResponse.class) @@ -108,7 +108,7 @@ public class UpdateLoadBalancerRuleCmd extends BaseAsyncCmd { @Override public void execute(){ - LoadBalancer result = _networkService.updateLoadBalancerRule(this); + LoadBalancer result = _lbService.updateLoadBalancerRule(this); if (result != null){ LoadBalancerResponse response = _responseGenerator.createLoadBalancerResponse(result); response.setResponseName(getName()); diff --git a/api/src/com/cloud/api/commands/UpdatePortForwardingRuleCmd.java b/api/src/com/cloud/api/commands/UpdatePortForwardingRuleCmd.java index c676b4f3b62..bf786930fdd 100644 --- a/api/src/com/cloud/api/commands/UpdatePortForwardingRuleCmd.java +++ b/api/src/com/cloud/api/commands/UpdatePortForwardingRuleCmd.java @@ -4,14 +4,11 @@ import org.apache.log4j.Logger; import com.cloud.api.ApiConstants; import com.cloud.api.BaseAsyncCmd; -import com.cloud.api.BaseCmd; import com.cloud.api.Implementation; import com.cloud.api.Parameter; -import com.cloud.api.ServerApiException; import com.cloud.api.response.FirewallRuleResponse; import com.cloud.event.EventTypes; import com.cloud.network.IpAddress; -import com.cloud.network.rules.FirewallRule; import com.cloud.user.Account; @Implementation(responseObject=FirewallRuleResponse.class, description="Updates a port forwarding rule. Only the private port and the virtual machine can be updated.") @@ -101,13 +98,13 @@ public class UpdatePortForwardingRuleCmd extends BaseAsyncCmd { @Override public void execute(){ - FirewallRule result = _mgr.updatePortForwardingRule(this); - if (result != null) { - FirewallRuleResponse response = _responseGenerator.createFirewallRuleResponse(result); - response.setResponseName(getName()); - this.setResponseObject(response); - } else { - throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to update port forwarding rule"); - } +//FIXME: PortForwardingRule result = _mgr.updatePortForwardingRule(this); +// if (result != null) { +// FirewallRuleResponse response = _responseGenerator.createFirewallRuleResponse(result); +// response.setResponseName(getName()); +// this.setResponseObject(response); +// } else { +// throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to update port forwarding rule"); +// } } } diff --git a/api/src/com/cloud/network/NetworkService.java b/api/src/com/cloud/network/NetworkService.java index 04ad345671f..249dcc7fe64 100644 --- a/api/src/com/cloud/network/NetworkService.java +++ b/api/src/com/cloud/network/NetworkService.java @@ -20,30 +20,21 @@ package com.cloud.network; import java.util.List; import com.cloud.api.commands.AddVpnUserCmd; -import com.cloud.api.commands.AssignToLoadBalancerRuleCmd; import com.cloud.api.commands.AssociateIPAddrCmd; -import com.cloud.api.commands.CreateLoadBalancerRuleCmd; import com.cloud.api.commands.CreateNetworkCmd; -import com.cloud.api.commands.CreatePortForwardingRuleCmd; import com.cloud.api.commands.CreateRemoteAccessVpnCmd; -import com.cloud.api.commands.DeleteLoadBalancerRuleCmd; import com.cloud.api.commands.DeleteNetworkCmd; import com.cloud.api.commands.DeleteRemoteAccessVpnCmd; import com.cloud.api.commands.DisassociateIPAddrCmd; import com.cloud.api.commands.ListNetworksCmd; -import com.cloud.api.commands.ListPortForwardingRulesCmd; -import com.cloud.api.commands.RemoveFromLoadBalancerRuleCmd; import com.cloud.api.commands.RemoveVpnUserCmd; -import com.cloud.api.commands.UpdateLoadBalancerRuleCmd; import com.cloud.exception.AccountLimitException; import com.cloud.exception.ConcurrentOperationException; import com.cloud.exception.InsufficientAddressCapacityException; import com.cloud.exception.InvalidParameterValueException; -import com.cloud.exception.NetworkRuleConflictException; import com.cloud.exception.PermissionDeniedException; import com.cloud.exception.ResourceAllocationException; import com.cloud.exception.ResourceUnavailableException; -import com.cloud.network.rules.FirewallRule; import com.cloud.offering.NetworkOffering; @@ -56,15 +47,6 @@ public interface NetworkService { * @throws ResourceAllocationException, InsufficientCapacityException */ IpAddress associateIP(AssociateIPAddrCmd cmd) throws ResourceAllocationException, InsufficientAddressCapacityException, ConcurrentOperationException; - /** - * Assign a virtual machine, or list of virtual machines, to a load balancer. - */ - boolean assignToLoadBalancer(AssignToLoadBalancerRuleCmd cmd) throws NetworkRuleConflictException; - - public boolean removeFromLoadBalancer(RemoveFromLoadBalancerRuleCmd cmd); - - public boolean deleteLoadBalancerRule(DeleteLoadBalancerRuleCmd cmd); - public LoadBalancer updateLoadBalancerRule(UpdateLoadBalancerRuleCmd cmd); public boolean disassociateIpAddress(DisassociateIPAddrCmd cmd); /** @@ -98,34 +80,6 @@ public interface NetworkService { boolean removeVpnUser(RemoveVpnUserCmd cmd) throws ConcurrentOperationException; - /** - * Create a port forwarding rule from the given ipAddress/port to the given virtual machine/port. - * @param cmd the command specifying the ip address, public port, protocol, private port, and virtual machine id. - * @return the newly created FirewallRuleVO if successful, null otherwise. - */ - public FirewallRule createPortForwardingRule(CreatePortForwardingRuleCmd cmd) throws NetworkRuleConflictException; - - /** - * List port forwarding rules assigned to an ip address - * @param cmd the command object holding the criteria for listing port forwarding rules (the ipAddress) - * @return list of port forwarding rules on the given address, empty list if no rules exist - */ - public List listPortForwardingRules(ListPortForwardingRulesCmd cmd); - - /** - * Create a load balancer rule from the given ipAddress/port to the given private port - * @param cmd the command specifying the ip address, public port, protocol, private port, and algorithm - * @return the newly created LoadBalancerVO if successful, null otherwise - */ - public LoadBalancer createLoadBalancerRule(CreateLoadBalancerRuleCmd cmd); - - FirewallRule createIpForwardingRuleInDb(String ipAddr, long virtualMachineId); - - FirewallRule createIpForwardingRuleOnDomr(long ruleId); - - boolean deleteIpForwardingRule(Long id); - boolean deletePortForwardingRule(Long id, boolean sysContext); - Network createNetwork(CreateNetworkCmd cmd) throws InvalidParameterValueException, PermissionDeniedException; List searchForNetworks(ListNetworksCmd cmd) throws InvalidParameterValueException, PermissionDeniedException; boolean deleteNetwork(DeleteNetworkCmd cmd) throws InvalidParameterValueException, PermissionDeniedException; diff --git a/api/src/com/cloud/network/element/NetworkElement.java b/api/src/com/cloud/network/element/NetworkElement.java index 4439861792b..cabdd12424c 100644 --- a/api/src/com/cloud/network/element/NetworkElement.java +++ b/api/src/com/cloud/network/element/NetworkElement.java @@ -3,12 +3,15 @@ */ package com.cloud.network.element; +import java.util.List; + import com.cloud.deploy.DeployDestination; import com.cloud.exception.ConcurrentOperationException; import com.cloud.exception.InsufficientCapacityException; import com.cloud.exception.InsufficientNetworkCapacityException; import com.cloud.exception.ResourceUnavailableException; import com.cloud.network.Network; +import com.cloud.network.rules.FirewallRule; import com.cloud.offering.NetworkOffering; import com.cloud.utils.component.Adapter; import com.cloud.vm.NicProfile; @@ -26,15 +29,13 @@ public interface NetworkElement extends Adapter { * @param offering network offering that originated the network configuration. * @return true if network configuration is now usable; false if not; null if not handled by this element. */ - boolean implement(Network config, NetworkOffering offering, DeployDestination dest, ReservationContext context) throws InsufficientCapacityException, ConcurrentOperationException, ResourceUnavailableException; + boolean implement(Network network, NetworkOffering offering, DeployDestination dest, ReservationContext context) throws InsufficientCapacityException, ConcurrentOperationException, ResourceUnavailableException; - boolean prepare(Network config, NicProfile nic, VirtualMachineProfile vm, DeployDestination dest, ReservationContext context) throws ConcurrentOperationException, ResourceUnavailableException, InsufficientNetworkCapacityException; + boolean prepare(Network network, NicProfile nic, VirtualMachineProfile vm, DeployDestination dest, ReservationContext context) throws ConcurrentOperationException, ResourceUnavailableException, InsufficientNetworkCapacityException; - boolean release(Network config, NicProfile nic, VirtualMachineProfile vm, ReservationContext context) throws ConcurrentOperationException, ResourceUnavailableException; + boolean release(Network network, NicProfile nic, VirtualMachineProfile vm, ReservationContext context) throws ConcurrentOperationException, ResourceUnavailableException; - boolean shutdown(Network config, ReservationContext context) throws ConcurrentOperationException, ResourceUnavailableException; + boolean shutdown(Network network, ReservationContext context) throws ConcurrentOperationException, ResourceUnavailableException; - boolean addRule(); - - boolean revokeRule(); + boolean applyRules(Network network, List rules) throws ResourceUnavailableException; } diff --git a/api/src/com/cloud/network/lb/LoadBalancingRulesService.java b/api/src/com/cloud/network/lb/LoadBalancingRulesService.java new file mode 100644 index 00000000000..c8db7e5d69a --- /dev/null +++ b/api/src/com/cloud/network/lb/LoadBalancingRulesService.java @@ -0,0 +1,65 @@ +/** + * Copyright (C) 2010 Cloud.com, Inc. All rights reserved. + * + * This software is licensed under the GNU General Public License v3 or later. + * + * It is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or any later version. + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + */ +package com.cloud.network.lb; + +import java.util.List; + +import com.cloud.api.commands.ListLoadBalancerRuleInstancesCmd; +import com.cloud.api.commands.ListLoadBalancerRulesCmd; +import com.cloud.api.commands.UpdateLoadBalancerRuleCmd; +import com.cloud.exception.NetworkRuleConflictException; +import com.cloud.exception.ResourceUnavailableException; +import com.cloud.network.rules.LoadBalancer; +import com.cloud.uservm.UserVm; + +public interface LoadBalancingRulesService { + /** + * Create a load balancer rule from the given ipAddress/port to the given private port + * @param cmd the command specifying the ip address, public port, protocol, private port, and algorithm + * @return the newly created LoadBalancerVO if successful, null otherwise + */ + LoadBalancer createLoadBalancerRule(LoadBalancer lb) throws NetworkRuleConflictException; + + LoadBalancer updateLoadBalancerRule(UpdateLoadBalancerRuleCmd cmd); + + boolean deleteLoadBalancerRule(long lbRuleId, boolean apply); + + /** + * Assign a virtual machine, or list of virtual machines, to a load balancer. + */ + boolean assignToLoadBalancer(long lbRuleId, List vmIds); + + boolean removeFromLoadBalancer(long lbRuleId, List vmIds); + + boolean applyLoadBalancerConfig(long id) throws ResourceUnavailableException; + /** + * List instances that have either been applied to a load balancer or are eligible to be assigned to a load balancer. + * @param cmd + * @return list of vm instances that have been or can be applied to a load balancer + */ + List listLoadBalancerInstances(ListLoadBalancerRuleInstancesCmd cmd); + + /** + * List load balancer rules based on the given criteria + * @param cmd the command that specifies the criteria to use for listing load balancers. Load balancers can be listed + * by id, name, public ip, and vm instance id + * @return list of load balancers that match the criteria + */ + List searchForLoadBalancers(ListLoadBalancerRulesCmd cmd); + +} diff --git a/api/src/com/cloud/network/rules/FirewallRule.java b/api/src/com/cloud/network/rules/FirewallRule.java index b87b6eeccab..7e4e94f2338 100644 --- a/api/src/com/cloud/network/rules/FirewallRule.java +++ b/api/src/com/cloud/network/rules/FirewallRule.java @@ -17,10 +17,22 @@ */ package com.cloud.network.rules; -/** - * Specifies the port forwarding for firewall rule. - */ -public interface FirewallRule { +import com.cloud.acl.ControlledEntity; +import com.cloud.utils.net.Ip; + +public interface FirewallRule extends ControlledEntity { + enum Purpose { + PortForwarding, + LoadBalancing, + Vpn, + } + + enum State { + Staged, // Rule been created but has never got through network rule conflict detection. Rules in this state can not be sent to network elements. + Add, // Add means the rule has been created and has gone through network rule conflict detection. + Revoke // Revoke means this rule has been revoked. If this rule has been sent to the network elements, the rule will be deleted from database. + } + /** * @return database id. */ @@ -34,22 +46,26 @@ public interface FirewallRule { /** * @return public ip address. */ - String getPublicIpAddress(); + Ip getSourceIpAddress(); /** - * @return public port. + * @return first port of the source port range. */ - String getPublicPort(); + int getSourcePortStart(); /** - * @return private ip address. + * @return last port of the source prot range. If this is null, that means only one port is mapped. */ - String getPrivateIpAddress(); - + int getSourcePortEnd(); + /** - * @return private port. + * @return protocol to open these ports for. */ - String getPrivatePort(); - String getProtocol(); + + Purpose getPurpose(); + + State getState(); + + long getNetworkId(); } diff --git a/api/src/com/cloud/network/LoadBalancer.java b/api/src/com/cloud/network/rules/LoadBalancer.java similarity index 67% rename from api/src/com/cloud/network/LoadBalancer.java rename to api/src/com/cloud/network/rules/LoadBalancer.java index 792f789fc50..a16cd599767 100644 --- a/api/src/com/cloud/network/LoadBalancer.java +++ b/api/src/com/cloud/network/rules/LoadBalancer.java @@ -15,30 +15,30 @@ * along with this program. If not, see . * */ -package com.cloud.network; +package com.cloud.network.rules; -public interface LoadBalancer { - long getId(); +import java.util.List; + +/** + * Definition for a LoadBalancer + */ +public interface LoadBalancer extends FirewallRule { String getName(); - void setName(String name); String getDescription(); - void setDescription(String description); - long getAccountId(); - - String getIpAddress(); - - String getPublicPort(); - - String getPrivatePort(); - void setPrivatePort(String privatePort); + int getDefaultPortStart(); + + int getDefaultPortEnd(); String getAlgorithm(); - void setAlgorithm(String algorithm); - Long getDomainId(); + List getDestinations(); - String getAccountName(); + public interface Destination { + String getIpAddress(); + int getDestinationPortStart(); + int getDestinationPortEnd(); + } } diff --git a/api/src/com/cloud/network/rules/PortForwardingRule.java b/api/src/com/cloud/network/rules/PortForwardingRule.java new file mode 100644 index 00000000000..7ba685c6d46 --- /dev/null +++ b/api/src/com/cloud/network/rules/PortForwardingRule.java @@ -0,0 +1,40 @@ +/** + * Copyright (C) 2010 Cloud.com, Inc. All rights reserved. + * + * This software is licensed under the GNU General Public License v3 or later. + * + * It is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or any later version. + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + */ +package com.cloud.network.rules; + +import com.cloud.utils.net.Ip; + +/** + * Specifies the port forwarding for firewall rule. + */ +public interface PortForwardingRule extends FirewallRule { + /** + * @return destination ip address. + */ + Ip getDestinationIpAddress(); + + /** + * @return start of destination port. + */ + int getDestinationPortStart(); + + /** + * @return end of destination port range + */ + int getDestinationPortEnd(); +} diff --git a/api/src/com/cloud/network/rules/RulesService.java b/api/src/com/cloud/network/rules/RulesService.java new file mode 100644 index 00000000000..96d77d18087 --- /dev/null +++ b/api/src/com/cloud/network/rules/RulesService.java @@ -0,0 +1,68 @@ +/** + * Copyright (C) 2010 Cloud.com, Inc. All rights reserved. + * + * This software is licensed under the GNU General Public License v3 or later. + * + * It is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or any later version. + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + */ +package com.cloud.network.rules; + +import java.util.List; + +import com.cloud.api.commands.ListIpForwardingRulesCmd; +import com.cloud.api.commands.ListPortForwardingRulesCmd; +import com.cloud.exception.NetworkRuleConflictException; +import com.cloud.exception.ResourceUnavailableException; +import com.cloud.user.Account; +import com.cloud.utils.net.Ip; + +public interface RulesService { + List searchForIpForwardingRules(ListIpForwardingRulesCmd cmd); + + /** + * List port forwarding rules assigned to an ip address + * @param cmd the command object holding the criteria for listing port forwarding rules (the ipAddress) + * @return list of port forwarding rules on the given address, empty list if no rules exist + */ + public List listPortForwardingRules(ListPortForwardingRulesCmd cmd); + + PortForwardingRule createIpForwardingRuleInDb(String ipAddr, long virtualMachineId); + + PortForwardingRule createIpForwardingRuleOnDomr(long ruleId); + + boolean deleteIpForwardingRule(Long id); + boolean deletePortForwardingRule(Long id, boolean sysContext); + + boolean applyFirewallRules(Ip ip, Account caller) throws ResourceUnavailableException; + boolean applyNatRules(Ip ip, Account caller) throws ResourceUnavailableException; + boolean applyPortForwardingRules(Ip ip, Account caller) throws ResourceUnavailableException; + + /** + * Creates a port forwarding rule between two ip addresses or between + * an ip address and a virtual machine. + * @param rule rule to be created. + * @param vmId vm to be linked to. If specified the destination ip address is ignored. + * @param caller caller + * @return PortForwardingRule if created. + * @throws NetworkRuleConflictException if conflicts in the network rules are detected. + */ + PortForwardingRule createPortForwardingRule(PortForwardingRule rule, Long vmId, Account caller) throws NetworkRuleConflictException; + /** + * Revokes a port forwarding rule + * @param ruleId the id of the rule to revoke. + * @param caller + * @return + */ + PortForwardingRule revokePortForwardingRule(long ruleId, boolean apply, Account caller); + +} diff --git a/api/src/com/cloud/server/ManagementService.java b/api/src/com/cloud/server/ManagementService.java index 4ebb4769926..009fe7ae061 100644 --- a/api/src/com/cloud/server/ManagementService.java +++ b/api/src/com/cloud/server/ManagementService.java @@ -45,10 +45,7 @@ import com.cloud.api.commands.ListGuestOsCategoriesCmd; import com.cloud.api.commands.ListGuestOsCmd; import com.cloud.api.commands.ListHostsCmd; import com.cloud.api.commands.ListHypervisorsCmd; -import com.cloud.api.commands.ListIpForwardingRulesCmd; import com.cloud.api.commands.ListIsosCmd; -import com.cloud.api.commands.ListLoadBalancerRuleInstancesCmd; -import com.cloud.api.commands.ListLoadBalancerRulesCmd; import com.cloud.api.commands.ListPodsByCmd; import com.cloud.api.commands.ListPreallocatedLunsCmd; import com.cloud.api.commands.ListPublicIpAddressesCmd; @@ -75,7 +72,6 @@ import com.cloud.api.commands.StopSystemVmCmd; import com.cloud.api.commands.UpdateDomainCmd; import com.cloud.api.commands.UpdateIsoCmd; import com.cloud.api.commands.UpdateIsoPermissionsCmd; -import com.cloud.api.commands.UpdatePortForwardingRuleCmd; import com.cloud.api.commands.UpdateTemplateCmd; import com.cloud.api.commands.UpdateTemplatePermissionsCmd; import com.cloud.api.commands.UpdateVMGroupCmd; @@ -99,11 +95,9 @@ import com.cloud.exception.ResourceUnavailableException; import com.cloud.exception.StorageUnavailableException; import com.cloud.host.Host; import com.cloud.network.IpAddress; -import com.cloud.network.LoadBalancer; import com.cloud.network.RemoteAccessVpn; import com.cloud.network.VpnUser; import com.cloud.network.router.VirtualRouter; -import com.cloud.network.rules.FirewallRule; import com.cloud.offering.DiskOffering; import com.cloud.offering.ServiceOffering; import com.cloud.org.Cluster; @@ -222,13 +216,6 @@ public interface ManagementService { */ List searchForUserVMs(ListVMsCmd cmd); - /** - * Update an existing port forwarding rule on the given public IP / public port for the given protocol - * @param cmd - the UpdatePortForwardingRuleCmd command that wraps publicIp, privateIp, publicPort, privatePort, protocol of the rule to update - * @return the new firewall rule if updated, null if no rule on public IP / public port of that protocol could be found - */ - FirewallRule updatePortForwardingRule(UpdatePortForwardingRuleCmd cmd); - /** * Obtains a list of events by the specified search criteria. * Can search by: "username", "type", "level", "startDate", "endDate" @@ -372,21 +359,6 @@ public interface ManagementService { */ List searchForDiskOfferings(ListDiskOfferingsCmd cmd); - /** - * List instances that have either been applied to a load balancer or are eligible to be assigned to a load balancer. - * @param cmd - * @return list of vm instances that have been or can be applied to a load balancer - */ - List listLoadBalancerInstances(ListLoadBalancerRuleInstancesCmd cmd); - - /** - * List load balancer rules based on the given criteria - * @param cmd the command that specifies the criteria to use for listing load balancers. Load balancers can be listed - * by id, name, public ip, and vm instance id - * @return list of load balancers that match the criteria - */ - List searchForLoadBalancers(ListLoadBalancerRulesCmd cmd); - /** * List storage pools that match the given criteria * @param cmd the command that wraps the search criteria (zone, pod, name, IP address, path, and cluster id) @@ -449,8 +421,6 @@ public interface ManagementService { public List searchForVpnUsers(ListVpnUsersCmd cmd); - List searchForIpForwardingRules(ListIpForwardingRulesCmd cmd); - String getVersion(); /** diff --git a/core/src/com/cloud/agent/api/routing/SetFirewallRuleCommand.java b/core/src/com/cloud/agent/api/routing/SetFirewallRuleCommand.java deleted file mode 100755 index d04e91ba8ff..00000000000 --- a/core/src/com/cloud/agent/api/routing/SetFirewallRuleCommand.java +++ /dev/null @@ -1,109 +0,0 @@ -/** - * Copyright (C) 2010 Cloud.com, Inc. All rights reserved. - * - * This software is licensed under the GNU General Public License v3 or later. - * - * It is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or any later version. - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - * - */ -package com.cloud.agent.api.routing; - -import com.cloud.network.FirewallRuleVO; - -public class SetFirewallRuleCommand extends RoutingCommand { - FirewallRuleVO rule; - String routerName; - String routerIpAddress; - String oldPrivateIP = null; - String oldPrivatePort = null; - boolean create = false; - - protected SetFirewallRuleCommand() { - } - - public SetFirewallRuleCommand(String routerName, String routerIpAddress, FirewallRuleVO rule1, String oldPrivateIP, String oldPrivatePort) { - this.routerName = routerName; - this.routerIpAddress = routerIpAddress; - this.rule = new FirewallRuleVO(rule1); - this.oldPrivateIP = oldPrivateIP; - this.oldPrivatePort = oldPrivatePort; - } - - public SetFirewallRuleCommand(String routerName, String routerIpAddress,FirewallRuleVO rule2, boolean create) { - this.routerName = routerName; - this.routerIpAddress = routerIpAddress; - this.rule = new FirewallRuleVO(rule2); - this.create = create; - } - - @Override - public boolean executeInSequence() { - return false; - } - - public FirewallRuleVO getRule() { - return rule; - } - - public String getPrivateIpAddress() { - return rule.getPrivateIpAddress(); - } - - public String getPublicIpAddress() { - return rule.getPublicIpAddress(); - } - - public String getVlanNetmask() { - return rule.getVlanNetmask(); - } - - public String getPublicPort() { - return rule.getPublicPort(); - } - - public String getPrivatePort() { - return rule.getPrivatePort(); - } - - public String getRouterName() { - return routerName; - } - - public String getRouterIpAddress() { - return routerIpAddress; - } - - public boolean isEnable() { - return rule.isEnabled(); - } - - public String getProtocol() { - return rule.getProtocol(); - } - - public String getOldPrivateIP() { - return this.oldPrivateIP; - } - - public String getOldPrivatePort() { - return this.oldPrivatePort; - } - -// public boolean isNat(){ -// return this.nat; -// } - - public boolean isCreate() { - return create; - } - -} diff --git a/core/src/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResource.java b/core/src/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResource.java index 62a2dc8960a..115efd2803d 100755 --- a/core/src/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResource.java +++ b/core/src/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResource.java @@ -30,16 +30,14 @@ import java.net.InetSocketAddress; import java.net.URL; import java.net.URLConnection; import java.nio.channels.SocketChannel; -import java.util.ArrayList; -import java.util.Hashtable; import java.util.List; import java.util.Map; import javax.ejb.Local; import javax.naming.ConfigurationException; -import org.apache.log4j.Logger; import org.apache.commons.codec.binary.Base64; +import org.apache.log4j.Logger; import com.cloud.agent.api.Answer; import com.cloud.agent.api.Command; @@ -50,11 +48,9 @@ import com.cloud.agent.api.routing.DhcpEntryCommand; import com.cloud.agent.api.routing.IPAssocCommand; import com.cloud.agent.api.routing.LoadBalancerCfgCommand; import com.cloud.agent.api.routing.SavePasswordCommand; -import com.cloud.agent.api.routing.SetFirewallRuleCommand; import com.cloud.agent.api.routing.VmDataCommand; import com.cloud.utils.NumbersUtil; import com.cloud.utils.component.Manager; -import com.cloud.utils.net.NetUtils; import com.cloud.utils.script.OutputInterpreter; import com.cloud.utils.script.Script; @@ -90,9 +86,10 @@ public class VirtualRoutingResource implements Manager { public Answer executeRequest(final Command cmd) { try { - if (cmd instanceof SetFirewallRuleCommand) { - return execute((SetFirewallRuleCommand)cmd); - }else if (cmd instanceof LoadBalancerCfgCommand) { +// if (cmd instanceof SetFirewallRuleCommand) { +// return execute((SetFirewallRuleCommand)cmd); +// }else + if (cmd instanceof LoadBalancerCfgCommand) { return execute((LoadBalancerCfgCommand)cmd); } else if (cmd instanceof IPAssocCommand) { return execute((IPAssocCommand)cmd); @@ -216,7 +213,9 @@ public class VirtualRoutingResource implements Manager { private String setLoadBalancerConfig(final String cfgFile, final String[] addRules, final String[] removeRules, String routerIp) { - if (routerIp == null) routerIp = "none"; + if (routerIp == null) { + routerIp = "none"; + } final Script command = new Script(_loadbPath, _timeout, s_logger); @@ -293,8 +292,9 @@ public class VirtualRoutingResource implements Manager { final StringBuilder sb2 = new StringBuilder(); String line = null; try { - while ((line = reader.readLine()) != null) - sb2.append(line + "\n"); + while ((line = reader.readLine()) != null) { + sb2.append(line + "\n"); + } result = sb2.toString(); } catch (final IOException e) { success = false; @@ -377,8 +377,12 @@ public class VirtualRoutingResource implements Manager { return null; } - if (oldPrivateIP == null) oldPrivateIP = ""; - if (oldPrivatePort == null) oldPrivatePort = ""; + if (oldPrivateIP == null) { + oldPrivateIP = ""; + } + if (oldPrivatePort == null) { + oldPrivatePort = ""; + } final Script command = new Script(_firewallPath, _timeout, s_logger); @@ -424,8 +428,9 @@ public class VirtualRoutingResource implements Manager { String result = cmd.execute(); if (result != null) { return false; - } else - return true; + } else { + return true; + } } private void stopDnsmasq(String dnsmasqName) { @@ -446,55 +451,56 @@ public class VirtualRoutingResource implements Manager { } - protected Answer execute(final SetFirewallRuleCommand cmd) { - String args; - if(cmd.getProtocol().toLowerCase().equals(NetUtils.NAT_PROTO)){ - //1:1 NAT needs instanceip;publicip;domrip;op - if(cmd.isCreate()) - args = "-A"; - else - args = "-D"; - - args += " -l " + cmd.getPublicIpAddress(); - args += " -i " + cmd.getRouterIpAddress(); - args += " -r " + cmd.getPrivateIpAddress(); - args += " -G " + cmd.getProtocol(); - }else{ - if (cmd.isEnable()) { - args = "-A"; - } else { - args = "-D"; - } - - args += " -P " + cmd.getProtocol().toLowerCase(); - args += " -l " + cmd.getPublicIpAddress(); - args += " -p " + cmd.getPublicPort(); - args += " -n " + cmd.getRouterName(); - args += " -i " + cmd.getRouterIpAddress(); - args += " -r " + cmd.getPrivateIpAddress(); - args += " -d " + cmd.getPrivatePort(); - args += " -N " + cmd.getVlanNetmask(); - - String oldPrivateIP = cmd.getOldPrivateIP(); - String oldPrivatePort = cmd.getOldPrivatePort(); - - if (oldPrivateIP != null) { - args += " -w " + oldPrivateIP; - } - - if (oldPrivatePort != null) { - args += " -x " + oldPrivatePort; - } - } - - final Script command = new Script(_firewallPath, _timeout, s_logger); - String [] argsArray = args.split(" "); - for (String param : argsArray) { - command.add(param); - } - String result = command.execute(); - return new Answer(cmd, result == null, result); - } +// protected Answer execute(final SetFirewallRuleCommand cmd) { +// String args; +// if(cmd.getProtocol().toLowerCase().equals(NetUtils.NAT_PROTO)){ +// //1:1 NAT needs instanceip;publicip;domrip;op +// if(cmd.isCreate()) { +// args = "-A"; +// } else { +// args = "-D"; +// } +// +// args += " -l " + cmd.getPublicIpAddress(); +// args += " -i " + cmd.getRouterIpAddress(); +// args += " -r " + cmd.getPrivateIpAddress(); +// args += " -G " + cmd.getProtocol(); +// }else{ +// if (cmd.isEnable()) { +// args = "-A"; +// } else { +// args = "-D"; +// } +// +// args += " -P " + cmd.getProtocol().toLowerCase(); +// args += " -l " + cmd.getPublicIpAddress(); +// args += " -p " + cmd.getPublicPort(); +// args += " -n " + cmd.getRouterName(); +// args += " -i " + cmd.getRouterIpAddress(); +// args += " -r " + cmd.getPrivateIpAddress(); +// args += " -d " + cmd.getPrivatePort(); +// args += " -N " + cmd.getVlanNetmask(); +// +// String oldPrivateIP = cmd.getOldPrivateIP(); +// String oldPrivatePort = cmd.getOldPrivatePort(); +// +// if (oldPrivateIP != null) { +// args += " -w " + oldPrivateIP; +// } +// +// if (oldPrivatePort != null) { +// args += " -x " + oldPrivatePort; +// } +// } +// +// final Script command = new Script(_firewallPath, _timeout, s_logger); +// String [] argsArray = args.split(" "); +// for (String param : argsArray) { +// command.add(param); +// } +// String result = command.execute(); +// return new Answer(cmd, result == null, result); +// } protected String getDefaultScriptsDir() { return "scripts/network/domr/dom0"; @@ -510,13 +516,15 @@ public class VirtualRoutingResource implements Manager { _scriptsDir = (String)params.get("domr.scripts.dir"); if (_scriptsDir == null) { - if(s_logger.isInfoEnabled()) - s_logger.info("VirtualRoutingResource _scriptDir can't be initialized from domr.scripts.dir param, use default" ); + if(s_logger.isInfoEnabled()) { + s_logger.info("VirtualRoutingResource _scriptDir can't be initialized from domr.scripts.dir param, use default" ); + } _scriptsDir = getDefaultScriptsDir(); } - if(s_logger.isInfoEnabled()) - s_logger.info("VirtualRoutingResource _scriptDir to use: " + _scriptsDir); + if(s_logger.isInfoEnabled()) { + s_logger.info("VirtualRoutingResource _scriptDir to use: " + _scriptsDir); + } String value = (String)params.get("scripts.timeout"); _timeout = NumbersUtil.parseInt(value, 120) * 1000; diff --git a/core/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java b/core/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java index 44f6c4d50e3..8a230c23844 100644 --- a/core/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java +++ b/core/src/com/cloud/hypervisor/xen/resource/CitrixResourceBase.java @@ -133,7 +133,8 @@ import com.cloud.agent.api.routing.IPAssocCommand; import com.cloud.agent.api.routing.LoadBalancerCfgCommand; import com.cloud.agent.api.routing.RemoteAccessVpnCfgCommand; import com.cloud.agent.api.routing.SavePasswordCommand; -import com.cloud.agent.api.routing.SetFirewallRuleCommand; +import com.cloud.agent.api.routing.SetPortForwardingRulesAnswer; +import com.cloud.agent.api.routing.SetPortForwardingRulesCommand; import com.cloud.agent.api.routing.VmDataCommand; import com.cloud.agent.api.routing.VpnUsersCfgCommand; import com.cloud.agent.api.storage.CopyVolumeAnswer; @@ -142,11 +143,12 @@ import com.cloud.agent.api.storage.CreateAnswer; import com.cloud.agent.api.storage.CreateCommand; import com.cloud.agent.api.storage.CreatePrivateTemplateAnswer; import com.cloud.agent.api.storage.DestroyCommand; -import com.cloud.agent.api.storage.PrimaryStorageDownloadCommand; import com.cloud.agent.api.storage.PrimaryStorageDownloadAnswer; +import com.cloud.agent.api.storage.PrimaryStorageDownloadCommand; import com.cloud.agent.api.storage.ShareAnswer; import com.cloud.agent.api.storage.ShareCommand; import com.cloud.agent.api.to.NicTO; +import com.cloud.agent.api.to.PortForwardingRuleTO; import com.cloud.agent.api.to.StorageFilerTO; import com.cloud.agent.api.to.VirtualMachineTO; import com.cloud.agent.api.to.VirtualMachineTO.Monitor; @@ -463,8 +465,9 @@ public abstract class CitrixResourceBase implements StoragePoolResource, ServerR continue; } - if (vdir.VBDs == null) + if (vdir.VBDs == null) { continue; + } for (VBD vbd : vdir.VBDs) { try { @@ -530,8 +533,8 @@ public abstract class CitrixResourceBase implements StoragePoolResource, ServerR public Answer executeRequest(Command cmd) { if (cmd instanceof CreateCommand) { return execute((CreateCommand) cmd); - } else if (cmd instanceof SetFirewallRuleCommand) { - return execute((SetFirewallRuleCommand) cmd); + } else if (cmd instanceof SetPortForwardingRulesCommand) { + return execute((SetPortForwardingRulesCommand) cmd); } else if (cmd instanceof LoadBalancerCfgCommand) { return execute((LoadBalancerCfgCommand) cmd); } else if (cmd instanceof IPAssocCommand) { @@ -1038,8 +1041,9 @@ public abstract class CitrixResourceBase implements StoragePoolResource, ServerR String args = "-h " + computingHostIp; String result = callHostPlugin("vmops", "pingtest", "args", args); - if (result == null || result.isEmpty()) + if (result == null || result.isEmpty()) { return false; + } return true; } @@ -1050,8 +1054,9 @@ public abstract class CitrixResourceBase implements StoragePoolResource, ServerR private boolean doPingTest(final String domRIp, final String vmIp) { String args = "-i " + domRIp + " -p " + vmIp; String result = callHostPlugin("vmops", "pingtest", "args", args); - if (result == null || result.isEmpty()) + if (result == null || result.isEmpty()) { return false; + } return true; } @@ -1145,53 +1150,51 @@ public abstract class CitrixResourceBase implements StoragePoolResource, ServerR } } - protected Answer execute(final SetFirewallRuleCommand cmd) { + protected SetPortForwardingRulesAnswer execute(SetPortForwardingRulesCommand cmd) { String args; + + String routerIp = cmd.getAccessDetail("router.ip"); + String routerName = cmd.getAccessDetail("router.name"); - if(cmd.getProtocol().toLowerCase().equals(NetUtils.NAT_PROTO)){ - //1:1 NAT needs instanceip;publicip;domrip;op - if(cmd.isCreate()) - args = "-A"; - else - args = "-D"; - - args += " -l " + cmd.getPublicIpAddress(); - args += " -i " + cmd.getRouterIpAddress(); - args += " -r " + cmd.getPrivateIpAddress(); - args += " -G " + cmd.getProtocol(); - }else{ - if (cmd.isEnable()) { - args = "-A"; + String[] results = new String[cmd.getRules().length]; + int i = 0; + for (PortForwardingRuleTO rule : cmd.getRules()) { + if (rule.getProtocol().toLowerCase().equals(NetUtils.NAT_PROTO)){ + //1:1 NAT needs instanceip;publicip;domrip;op + args = rule.revoked() ? "-D" : "-A"; + + args += " -l " + rule.getSrcIp(); + args += " -i " + routerIp; + args += " -r " + rule.getDstIp(); + args += " -G " + rule.getProtocol(); } else { - args = "-D"; + args = rule.revoked() ? "-D" : "-A"; + + args += " -P " + rule.getProtocol().toLowerCase(); + args += " -l " + rule.getSrcIp(); + args += " -p " + rule.getSrcPortRange()[0]; + args += " -n " + routerName; + args += " -i " + routerIp; + args += " -r " + rule.getDstIp(); + args += " -d " + rule.getDstPortRange()[0]; + args += " -N " + rule.getVlanNetmask(); + +// String oldPrivateIP = rule.getOldPrivateIP(); +// String oldPrivatePort = rule.getOldPrivatePort(); +// +// if (oldPrivateIP != null) { +// args += " -w " + oldPrivateIP; +// } +// +// if (oldPrivatePort != null) { +// args += " -x " + oldPrivatePort; +// } } - - args += " -P " + cmd.getProtocol().toLowerCase(); - args += " -l " + cmd.getPublicIpAddress(); - args += " -p " + cmd.getPublicPort(); - args += " -n " + cmd.getRouterName(); - args += " -i " + cmd.getRouterIpAddress(); - args += " -r " + cmd.getPrivateIpAddress(); - args += " -d " + cmd.getPrivatePort(); - args += " -N " + cmd.getVlanNetmask(); - - String oldPrivateIP = cmd.getOldPrivateIP(); - String oldPrivatePort = cmd.getOldPrivatePort(); - - if (oldPrivateIP != null) { - args += " -w " + oldPrivateIP; - } - - if (oldPrivatePort != null) { - args += " -x " + oldPrivatePort; - } + String result = callHostPlugin("vmops", "setFirewallRule", "args", args); + results[i++] = (result == null || result.isEmpty()) ? "Failed" : null; } - String result = callHostPlugin("vmops", "setFirewallRule", "args", args); - if (result == null || result.isEmpty()) { - return new Answer(cmd, false, "SetFirewallRule failed"); - } - return new Answer(cmd); + return new SetPortForwardingRulesAnswer(cmd, results); } protected Answer execute(final LoadBalancerCfgCommand cmd) { @@ -1623,8 +1626,9 @@ public abstract class CitrixResourceBase implements StoragePoolResource, ServerR } HashMap vmStatsUUIDMap = getVmStats(cmd, vmUUIDs, cmd.getHostGuid()); - if( vmStatsUUIDMap == null ) + if( vmStatsUUIDMap == null ) { return new GetVmStatsAnswer(cmd, vmStatsNameMap); + } for (String vmUUID : vmStatsUUIDMap.keySet()) { vmStatsNameMap.put(vmNames.get(vmUUIDs.indexOf(vmUUID)), vmStatsUUIDMap.get(vmUUID)); @@ -1720,10 +1724,12 @@ public abstract class CitrixResourceBase implements StoragePoolResource, ServerR String stats = ""; try { - if (flag == 1) + if (flag == 1) { stats = getHostStatsRawXML(); - if (flag == 2) + } + if (flag == 2) { stats = getVmStatsRawXML(); + } } catch (Exception e1) { s_logger.warn("Error whilst collecting raw stats from plugin:" + e1); return null; @@ -1733,8 +1739,9 @@ public abstract class CitrixResourceBase implements StoragePoolResource, ServerR // s_logger.debug("Length of raw xml is:"+stats.length()); //stats are null when the host plugin call fails (host down state) - if(stats == null) - return null; + if(stats == null) { + return null; + } StringReader statsReader = new StringReader(stats); InputSource statsSource = new InputSource(statsReader); @@ -2073,8 +2080,9 @@ public abstract class CitrixResourceBase implements StoragePoolResource, ServerR int index = tmplturl.lastIndexOf("/"); String mountpoint = tmplturl.substring(0, index); String tmpltname = null; - if (index < tmplturl.length() - 1) + if (index < tmplturl.length() - 1) { tmpltname = tmplturl.substring(index + 1).replace(".vhd", ""); + } try { Connection conn = getConnection(); String pUuid = cmd.getPoolUuid(); @@ -2293,8 +2301,9 @@ public abstract class CitrixResourceBase implements StoragePoolResource, ServerR } VMGuestMetrics vmmetric = vm.getGuestMetrics(conn); - if (isRefNull(vmmetric)) + if (isRefNull(vmmetric)) { continue; + } Map PVversion = vmmetric.getPVDriversVersion(conn); if (PVversion != null && PVversion.containsKey("major")) { @@ -2937,7 +2946,9 @@ public abstract class CitrixResourceBase implements StoragePoolResource, ServerR vifr.device = devNum; vifr.MAC = mac; vifr.network = network; - if ( rate == 0 ) rate = 200; + if ( rate == 0 ) { + rate = 200; + } vifr.qosAlgorithmType = "ratelimit"; vifr.qosAlgorithmParams = new HashMap(); // convert mbs to kilobyte per second @@ -2972,12 +2983,15 @@ public abstract class CitrixResourceBase implements StoragePoolResource, ServerR // stop vm which is running on this host or is in halted state for (VM vm : vms) { VM.Record vmr = vm.getRecord(conn); - if (vmr.powerState != VmPowerState.RUNNING) + if (vmr.powerState != VmPowerState.RUNNING) { continue; - if (isRefNull(vmr.residentOn)) + } + if (isRefNull(vmr.residentOn)) { continue; - if (vmr.residentOn.getUuid(conn).equals(_host.uuid)) + } + if (vmr.residentOn.getUuid(conn).equals(_host.uuid)) { continue; + } vms.remove(vm); } @@ -3143,8 +3157,9 @@ public abstract class CitrixResourceBase implements StoragePoolResource, ServerR if (s_logger.isDebugEnabled()) { s_logger.debug("Trying to connect to " + ipAddress); } - if (pingdomr(ipAddress, Integer.toString(port))) + if (pingdomr(ipAddress, Integer.toString(port))) { return null; + } try { Thread.sleep(_sleep); } catch (final InterruptedException e) { @@ -3288,8 +3303,9 @@ public abstract class CitrixResourceBase implements StoragePoolResource, ServerR String pvargs = vm.getPVArgs(conn); pvargs = pvargs + bootArgs; - if (s_logger.isInfoEnabled()) + if (s_logger.isInfoEnabled()) { s_logger.info("PV args for system vm are " + pvargs); + } vm.setPVArgs(conn, pvargs); /* destroy console */ @@ -3313,8 +3329,9 @@ public abstract class CitrixResourceBase implements StoragePoolResource, ServerR } } - if (s_logger.isInfoEnabled()) + if (s_logger.isInfoEnabled()) { s_logger.info("Ping system vm command port, " + privateIp + ":" + cmdPort); + } state = State.Running; String result = connect(vmName, privateIp, cmdPort); @@ -3323,8 +3340,9 @@ public abstract class CitrixResourceBase implements StoragePoolResource, ServerR s_logger.warn(msg); throw new CloudRuntimeException(msg); } else { - if (s_logger.isInfoEnabled()) + if (s_logger.isInfoEnabled()) { s_logger.info("Ping system vm command port succeeded for vm " + vmName); + } } return null; @@ -3402,8 +3420,9 @@ public abstract class CitrixResourceBase implements StoragePoolResource, ServerR try { Connection conn = getConnection(); Set allowedVBDDevices = vm.getAllowedVBDDevices(conn); - if (allowedVBDDevices.size() == 0) + if (allowedVBDDevices.size() == 0) { throw new CloudRuntimeException("Could not find an available slot in VM with name: " + vm.getNameLabel(conn) + " to attach a new disk."); + } return allowedVBDDevices.iterator().next(); } catch (XmlRpcException e) { String msg = "Catch XmlRpcException due to: " + e.getMessage(); @@ -3457,8 +3476,9 @@ public abstract class CitrixResourceBase implements StoragePoolResource, ServerR protected boolean setIptables() { String result = callHostPlugin("vmops", "setIptables"); - if (result == null || result.isEmpty()) + if (result == null || result.isEmpty()) { return false; + } return true; } @@ -3813,8 +3833,9 @@ public abstract class CitrixResourceBase implements StoragePoolResource, ServerR Connection conn = getConnection(); String lvmuuid = lvmsr.getUuid(conn); long cap = lvmsr.getPhysicalSize(conn); - if (cap < 0) + if (cap < 0) { return null; + } long avail = cap - lvmsr.getPhysicalUtilisation(conn); lvmsr.setNameLabel(conn, lvmuuid); String name = "VMOps local storage pool in host : " + _host.uuid; @@ -4585,8 +4606,9 @@ public abstract class CitrixResourceBase implements StoragePoolResource, ServerR _guestNetworkName = (String)params.get("guest.network.device"); _linkLocalPrivateNetworkName = (String) params.get("private.linkLocal.device"); - if (_linkLocalPrivateNetworkName == null) + if (_linkLocalPrivateNetworkName == null) { _linkLocalPrivateNetworkName = "cloud_link_local_network"; + } _storageNetworkName1 = (String) params.get("storage.network.device1"); if (_storageNetworkName1 == null) { @@ -4853,28 +4875,34 @@ public abstract class CitrixResourceBase implements StoragePoolResource, ServerR Set srs = SR.getByNameLabel(conn, pool.getUuid()); for (SR sr : srs) { - if (!SRType.LVMOISCSI.equals(sr.getType(conn))) + if (!SRType.LVMOISCSI.equals(sr.getType(conn))) { continue; + } Set pbds = sr.getPBDs(conn); - if (pbds.isEmpty()) + if (pbds.isEmpty()) { continue; + } PBD pbd = pbds.iterator().next(); Map dc = pbd.getDeviceConfig(conn); - if (dc == null) + if (dc == null) { continue; + } - if (dc.get("target") == null) + if (dc.get("target") == null) { continue; + } - if (dc.get("targetIQN") == null) + if (dc.get("targetIQN") == null) { continue; + } - if (dc.get("lunid") == null) + if (dc.get("lunid") == null) { continue; + } if (target.equals(dc.get("target")) && targetiqn.equals(dc.get("targetIQN")) && lunid.equals(dc.get("lunid"))) { if (checkSR(sr)) { @@ -4950,25 +4978,30 @@ public abstract class CitrixResourceBase implements StoragePoolResource, ServerR serverpath = serverpath.replace("//", "/"); Set srs = SR.getAll(conn); for (SR sr : srs) { - if (!SRType.NFS.equals(sr.getType(conn))) + if (!SRType.NFS.equals(sr.getType(conn))) { continue; + } Set pbds = sr.getPBDs(conn); - if (pbds.isEmpty()) + if (pbds.isEmpty()) { continue; + } PBD pbd = pbds.iterator().next(); Map dc = pbd.getDeviceConfig(conn); - if (dc == null) + if (dc == null) { continue; + } - if (dc.get("server") == null) + if (dc.get("server") == null) { continue; + } - if (dc.get("serverpath") == null) + if (dc.get("serverpath") == null) { continue; + } if (server.equals(dc.get("server")) && serverpath.equals(dc.get("serverpath"))) { if (checkSR(sr)) { @@ -5170,10 +5203,11 @@ public abstract class CitrixResourceBase implements StoragePoolResource, ServerR VM vm = getVM(conn, vmName); /* For HVM guest, if no pv driver installed, no attach/detach */ boolean isHVM; - if (vm.getPVBootloader(conn).equalsIgnoreCase("")) + if (vm.getPVBootloader(conn).equalsIgnoreCase("")) { isHVM = true; - else + } else { isHVM = false; + } VMGuestMetrics vgm = vm.getGuestMetrics(conn); boolean pvDrvInstalled = false; if (!isRefNull(vgm) && vgm.getPVDriversUpToDate(conn)) { @@ -5813,12 +5847,14 @@ public abstract class CitrixResourceBase implements StoragePoolResource, ServerR } // If there are no VMs, throw an exception - if (vms.size() == 0) + if (vms.size() == 0) { throw new CloudRuntimeException("VM with name: " + vmName + " does not exist."); + } // If there is more than one VM, print a warning - if (vms.size() > 1) + if (vms.size() > 1) { s_logger.warn("Found " + vms.size() + " VMs with name: " + vmName); + } // Return the first VM in the set return vms.iterator().next(); @@ -5892,12 +5928,13 @@ public abstract class CitrixResourceBase implements StoragePoolResource, ServerR throw new CloudRuntimeException("SR check failed for storage pool: " + pool.getUuid() + "on host:" + _host.uuid); } else { - if (pool.getType() == StoragePoolType.NetworkFilesystem) - return getNfsSR(pool); - else if (pool.getType() == StoragePoolType.IscsiLUN) - return getIscsiSR(pool); - else - throw new CloudRuntimeException("The pool type: " + pool.getType().name() + " is not supported."); + if (pool.getType() == StoragePoolType.NetworkFilesystem) { + return getNfsSR(pool); + } else if (pool.getType() == StoragePoolType.IscsiLUN) { + return getIscsiSR(pool); + } else { + throw new CloudRuntimeException("The pool type: " + pool.getType().name() + " is not supported."); + } } } @@ -5930,8 +5967,9 @@ public abstract class CitrixResourceBase implements StoragePoolResource, ServerR final StringBuilder sb2 = new StringBuilder(); String line = null; try { - while ((line = reader.readLine()) != null) + while ((line = reader.readLine()) != null) { sb2.append(line + "\n"); + } result = sb2.toString(); } catch (final IOException e) { success = false; diff --git a/core/src/com/cloud/network/FirewallRuleVO.java b/core/src/com/cloud/network/FirewallRuleVO.java deleted file mode 100644 index 159d6ee44e2..00000000000 --- a/core/src/com/cloud/network/FirewallRuleVO.java +++ /dev/null @@ -1,186 +0,0 @@ -/** - * Copyright (C) 2010 Cloud.com, Inc. All rights reserved. - * - * This software is licensed under the GNU General Public License v3 or later. - * - * It is free software: you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation, either version 3 of the License, or any later version. - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see . - * - */ - -package com.cloud.network; - -import javax.persistence.Column; -import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.Table; -import javax.persistence.Transient; - -import com.cloud.network.rules.FirewallRule; - -/** - * A bean representing a IP Forwarding - * - * @author Will Chan - * - */ -@Entity -@Table(name=("ip_forwarding")) -public class FirewallRuleVO implements FirewallRule { - @Id - @GeneratedValue(strategy=GenerationType.IDENTITY) - @Column(name="id") - private long id; - - @Column(name="group_id") - private Long groupId; - - @Column(name="public_ip_address") - private String publicIpAddress = null; - - @Column(name="public_port") - private String publicPort = null; - - @Column(name="private_ip_address") - private String privateIpAddress = null; - - @Column(name="private_port") - private String privatePort = null; - - @Column(name="enabled") - private boolean enabled = false; - - @Column(name="protocol") - private String protocol = "TCP"; - - @Column(name="forwarding") - private boolean forwarding = true; - - @Column(name="algorithm") - private String algorithm = null; - - @Transient - private String vlanNetmask; - - public FirewallRuleVO() { - } - - public FirewallRuleVO(Long groupId, String publicIpAddress, String publicPort, String privateIpAddress, String privatePort, boolean enabled, String protocol, - boolean forwarding, String algorithm) { - this.groupId = groupId; - this.publicIpAddress = publicIpAddress; - this.publicPort = publicPort; - this.privateIpAddress = privateIpAddress; - this.privatePort = privatePort; - this.enabled = enabled; - this.protocol = protocol; - this.forwarding = forwarding; - } - - public FirewallRuleVO(FirewallRuleVO fwRule) { - this(fwRule.getGroupId(), fwRule.getPublicIpAddress(), - fwRule.getPublicPort(), fwRule.getPrivateIpAddress(), - fwRule.getPrivatePort(), fwRule.isEnabled(), fwRule.getProtocol(), - fwRule.isForwarding(), fwRule.getAlgorithm()); - id = fwRule.id; - } - - @Override - public long getId() { - return id; - } - - @Override - public String getXid() { - return Long.toHexString(id); - } - - public Long getGroupId() { - return groupId; - } - - public void setGroupId(Long groupId) { - this.groupId = groupId; - } - - @Override - public String getPublicIpAddress() { - return publicIpAddress; - } - - public void setPublicIpAddress(String address) { - this.publicIpAddress = address; - } - - @Override - public String getPublicPort() { - return publicPort; - } - - public void setPublicPort(String port) { - this.publicPort = port; - } - - @Override - public String getPrivateIpAddress() { - return privateIpAddress; - } - - public void setPrivateIpAddress(String privateIpAddress) { - this.privateIpAddress = privateIpAddress; - } - - @Override - public String getPrivatePort() { - return privatePort; - } - - public void setPrivatePort(String privatePort) { - this.privatePort = privatePort; - } - public boolean isEnabled() { - return enabled; - } - public void setEnabled(boolean enabled) { - this.enabled = enabled; - } - @Override - public String getProtocol() { - return this.protocol; - } - public void setProtocol(String protocol) { - this.protocol = protocol.toLowerCase(); - } - public boolean isForwarding() { - return forwarding; - } - public void setForwarding(boolean forwarding) { - this.forwarding = forwarding; - } - public String getAlgorithm() { - return algorithm; - } - public void setAlgorithm(String algorithm) { - this.algorithm = algorithm; - } - - public void setVlanNetmask(String vlanNetmask) { - this.vlanNetmask = vlanNetmask; - } - - public String getVlanNetmask() { - return vlanNetmask; - } - -} - diff --git a/core/src/com/cloud/network/LoadBalancerConfigurator.java b/core/src/com/cloud/network/LoadBalancerConfigurator.java index df7bda4a658..f79ae8f15f4 100644 --- a/core/src/com/cloud/network/LoadBalancerConfigurator.java +++ b/core/src/com/cloud/network/LoadBalancerConfigurator.java @@ -19,6 +19,8 @@ package com.cloud.network; import java.util.List; +import com.cloud.agent.api.to.PortForwardingRuleTO; + /** * @author chiradeep @@ -28,6 +30,6 @@ public interface LoadBalancerConfigurator { public final static int ADD = 0; public final static int REMOVE = 1; - public String [] generateConfiguration(List fwRules); - public String [][] generateFwRules(List fwRules); + public String [] generateConfiguration(List fwRules); + public String [][] generateFwRules(List fwRules); } diff --git a/server/src/com/cloud/api/ApiDBUtils.java b/server/src/com/cloud/api/ApiDBUtils.java index 02a3f4a2a11..f6baeab15cc 100755 --- a/server/src/com/cloud/api/ApiDBUtils.java +++ b/server/src/com/cloud/api/ApiDBUtils.java @@ -484,7 +484,7 @@ public class ApiDBUtils { } public static Network getNetwork(long id) { - return _networkMgr.getNetworkConfiguration(id); + return _networkMgr.getNetwork(id); } public static void synchronizeCommand(Object job, String syncObjType, long syncObjId) { diff --git a/server/src/com/cloud/api/ApiResponseHelper.java b/server/src/com/cloud/api/ApiResponseHelper.java index 9e75c94801a..fc9b458793f 100644 --- a/server/src/com/cloud/api/ApiResponseHelper.java +++ b/server/src/com/cloud/api/ApiResponseHelper.java @@ -74,7 +74,6 @@ import com.cloud.api.response.VpnUsersResponse; import com.cloud.api.response.ZoneResponse; import com.cloud.async.AsyncJob; import com.cloud.async.AsyncJobResult; -import com.cloud.async.AsyncJobVO; import com.cloud.async.executor.IngressRuleResultObject; import com.cloud.async.executor.NetworkGroupResultObject; import com.cloud.capacity.Capacity; @@ -97,12 +96,12 @@ import com.cloud.host.Host; import com.cloud.host.HostStats; import com.cloud.host.HostVO; import com.cloud.network.IpAddress; -import com.cloud.network.LoadBalancer; import com.cloud.network.Network; import com.cloud.network.RemoteAccessVpn; import com.cloud.network.VpnUser; import com.cloud.network.router.VirtualRouter; -import com.cloud.network.rules.FirewallRule; +import com.cloud.network.rules.LoadBalancer; +import com.cloud.network.rules.PortForwardingRule; import com.cloud.network.security.IngressRule; import com.cloud.network.security.NetworkGroup; import com.cloud.network.security.NetworkGroupRules; @@ -807,9 +806,9 @@ public class ApiResponseHelper implements ResponseGenerator { lbResponse.setId(loadBalancer.getId()); lbResponse.setName(loadBalancer.getName()); lbResponse.setDescription(loadBalancer.getDescription()); - lbResponse.setPublicIp(loadBalancer.getIpAddress()); - lbResponse.setPublicPort(loadBalancer.getPublicPort()); - lbResponse.setPrivatePort(loadBalancer.getPrivatePort()); + lbResponse.setPublicIp(loadBalancer.getSourceIpAddress().toString()); + lbResponse.setPublicPort(Integer.toString(loadBalancer.getSourcePortStart())); + lbResponse.setPrivatePort(Integer.toString(loadBalancer.getDefaultPortStart())); lbResponse.setAlgorithm(loadBalancer.getAlgorithm()); Account accountTemp = ApiDBUtils.findAccountById(loadBalancer.getAccountId()); @@ -1050,15 +1049,15 @@ public class ApiResponseHelper implements ResponseGenerator { } @Override - public FirewallRuleResponse createFirewallRuleResponse(FirewallRule fwRule) { + public FirewallRuleResponse createFirewallRuleResponse(PortForwardingRule fwRule) { FirewallRuleResponse response = new FirewallRuleResponse(); response.setId(fwRule.getId()); - response.setPrivatePort(fwRule.getPrivatePort()); + response.setPrivatePort(Integer.toString(fwRule.getDestinationPortStart())); response.setProtocol(fwRule.getProtocol()); - response.setPublicPort(fwRule.getPublicPort()); - response.setPublicIpAddress(fwRule.getPublicIpAddress()); - if (fwRule.getPublicIpAddress() != null && fwRule.getPrivateIpAddress() != null) { - UserVm vm = ApiDBUtils.findUserVmByPublicIpAndGuestIp(fwRule.getPublicIpAddress(), fwRule.getPrivateIpAddress()); + response.setPublicPort(Integer.toString(fwRule.getSourcePortStart())); + response.setPublicIpAddress(fwRule.getSourceIpAddress().toString()); + if (fwRule.getSourceIpAddress() != null && fwRule.getDestinationIpAddress() != null) { + UserVm vm = ApiDBUtils.findUserVmByPublicIpAndGuestIp(fwRule.getSourceIpAddress().toString(), fwRule.getDestinationIpAddress().toString()); if(vm != null){ response.setVirtualMachineId(vm.getId()); response.setVirtualMachineName(vm.getHostName()); @@ -1070,13 +1069,13 @@ public class ApiResponseHelper implements ResponseGenerator { } @Override - public IpForwardingRuleResponse createIpForwardingRuleResponse(FirewallRule fwRule) { + public IpForwardingRuleResponse createIpForwardingRuleResponse(PortForwardingRule fwRule) { IpForwardingRuleResponse response = new IpForwardingRuleResponse(); response.setId(fwRule.getId()); response.setProtocol(fwRule.getProtocol()); - response.setPublicIpAddress(fwRule.getPublicIpAddress()); - if (fwRule.getPublicIpAddress() != null && fwRule.getPrivateIpAddress() != null) { - UserVm vm = ApiDBUtils.findUserVmByPublicIpAndGuestIp(fwRule.getPublicIpAddress(), fwRule.getPrivateIpAddress()); + response.setPublicIpAddress(fwRule.getSourceIpAddress().addr()); + if (fwRule.getSourceIpAddress() != null && fwRule.getDestinationIpAddress() != null) { + UserVm vm = ApiDBUtils.findUserVmByPublicIpAndGuestIp(fwRule.getSourceIpAddress().addr(), fwRule.getDestinationIpAddress().addr()); if(vm != null){//vm might be destroyed response.setVirtualMachineId(vm.getId()); response.setVirtualMachineName(vm.getHostName()); diff --git a/server/src/com/cloud/async/executor/UpdateLoadBalancerRuleExecutor.java b/server/src/com/cloud/async/executor/UpdateLoadBalancerRuleExecutor.java deleted file mode 100644 index 7e182bddd24..00000000000 --- a/server/src/com/cloud/async/executor/UpdateLoadBalancerRuleExecutor.java +++ /dev/null @@ -1,79 +0,0 @@ -package com.cloud.async.executor; - -import org.apache.log4j.Logger; - -import com.cloud.api.BaseCmd; -import com.cloud.async.AsyncJobManager; -import com.cloud.async.AsyncJobResult; -import com.cloud.async.AsyncJobVO; -import com.cloud.async.BaseAsyncJobExecutor; -import com.cloud.exception.InvalidParameterValueException; -import com.cloud.network.LoadBalancerVO; -import com.cloud.serializer.GsonHelper; -import com.cloud.server.ManagementServer; -import com.cloud.user.Account; -import com.google.gson.Gson; - -public class UpdateLoadBalancerRuleExecutor extends BaseAsyncJobExecutor { - public static final Logger s_logger = Logger.getLogger(UpdateLoadBalancerRuleExecutor.class.getName()); - - @Override - public boolean execute() { - /* - if (getSyncSource() == null) { - Gson gson = GsonHelper.getBuilder().create(); - AsyncJobManager asyncMgr = getAsyncJobMgr(); - AsyncJobVO job = getJob(); - - UpdateLoadBalancerParam param = gson.fromJson(job.getCmdInfo(), UpdateLoadBalancerParam.class); - asyncMgr.syncAsyncJobExecution(job.getId(), "LoadBalancer", param.getLoadBalancerId()); // in reality I need to synchronize on both the load balancer and domR - - // always true if it does not have sync-source - return true; - } else { - Gson gson = GsonHelper.getBuilder().create(); - AsyncJobManager asyncMgr = getAsyncJobMgr(); - AsyncJobVO job = getJob(); - - UpdateLoadBalancerParam param = gson.fromJson(job.getCmdInfo(), UpdateLoadBalancerParam.class); - ManagementServer ms = asyncMgr.getExecutorContext().getManagementServer(); - LoadBalancerVO loadBalancer = ms.findLoadBalancerById(param.getLoadBalancerId()); - - try { - loadBalancer = ms.updateLoadBalancerRule(loadBalancer, param.getName(), param.getDescription()); - loadBalancer = ms.updateLoadBalancerRule(param.getUserId(), loadBalancer, param.getPrivatePort(), param.getAlgorithm()); - - getAsyncJobMgr().completeAsyncJob(job.getId(), AsyncJobResult.STATUS_SUCCEEDED, 0, composeResultObject(ms, loadBalancer)); - } catch (InvalidParameterValueException ex) { - getAsyncJobMgr().completeAsyncJob(job.getId(), AsyncJobResult.STATUS_FAILED, BaseCmd.PARAM_ERROR, ex.getMessage()); - } catch (Exception ex) { - s_logger.error("Unhandled exception updating load balancer rule", ex); - getAsyncJobMgr().completeAsyncJob(job.getId(), AsyncJobResult.STATUS_FAILED, BaseCmd.INTERNAL_ERROR, "Internal error updating load balancer rule " + loadBalancer.getName()); - } - return true; - } - */ - return true; - } - - private UpdateLoadBalancerRuleResultObject composeResultObject(ManagementServer ms, LoadBalancerVO loadBalancer) { - UpdateLoadBalancerRuleResultObject resultObject = new UpdateLoadBalancerRuleResultObject(); - - resultObject.setId(loadBalancer.getId()); - resultObject.setName(loadBalancer.getName()); - resultObject.setDescription(loadBalancer.getDescription()); - resultObject.setPublicIp(loadBalancer.getIpAddress()); - resultObject.setPublicPort(loadBalancer.getPublicPort()); - resultObject.setPrivatePort(loadBalancer.getPrivatePort()); - resultObject.setAlgorithm(loadBalancer.getAlgorithm()); - - Account accountTemp = ms.findAccountById(loadBalancer.getAccountId()); - if (accountTemp != null) { - resultObject.setAccountName(accountTemp.getAccountName()); - resultObject.setDomainId(accountTemp.getDomainId()); -// resultObject.setDomainName(ms.findDomainIdById(accountTemp.getDomainId()).getName()); - } - - return resultObject; - } -} diff --git a/server/src/com/cloud/async/executor/UpdatePortForwardingRuleExecutor.java b/server/src/com/cloud/async/executor/UpdatePortForwardingRuleExecutor.java deleted file mode 100644 index 65c2d668205..00000000000 --- a/server/src/com/cloud/async/executor/UpdatePortForwardingRuleExecutor.java +++ /dev/null @@ -1,93 +0,0 @@ - -package com.cloud.async.executor; - -import java.util.List; - -import org.apache.log4j.Logger; - -import com.cloud.api.BaseCmd; -import com.cloud.async.AsyncJobManager; -import com.cloud.async.AsyncJobResult; -import com.cloud.async.AsyncJobVO; -import com.cloud.async.BaseAsyncJobExecutor; -import com.cloud.network.FirewallRuleVO; -import com.cloud.network.IPAddressVO; -import com.cloud.serializer.GsonHelper; -import com.cloud.server.Criteria; -import com.cloud.server.ManagementServer; -import com.cloud.vm.DomainRouterVO; -import com.cloud.vm.UserVmVO; -import com.google.gson.Gson; - -public class UpdatePortForwardingRuleExecutor extends BaseAsyncJobExecutor { - public static final Logger s_logger = Logger.getLogger(UpdatePortForwardingRuleExecutor.class.getName()); - - @Override - public boolean execute() { - /* - if (getSyncSource() == null) { - Gson gson = GsonHelper.getBuilder().create(); - AsyncJobManager asyncMgr = getAsyncJobMgr(); - AsyncJobVO job = getJob(); - - CreateOrUpdateRuleParam param = gson.fromJson(job.getCmdInfo(), CreateOrUpdateRuleParam.class); - ManagementServer ms = asyncMgr.getExecutorContext().getManagementServer(); - IPAddressVO ipAddr = ms.findIPAddressById(param.getAddress()); - DomainRouterVO router = ms.findDomainRouterBy(ipAddr.getAccountId(), ipAddr.getDataCenterId()); - asyncMgr.syncAsyncJobExecution(job, "Router", router.getId()); // synchronize on the router - - // always true if it does not have sync-source - return true; - } else { - Gson gson = GsonHelper.getBuilder().create(); - AsyncJobManager asyncMgr = getAsyncJobMgr(); - AsyncJobVO job = getJob(); - - CreateOrUpdateRuleParam param = gson.fromJson(job.getCmdInfo(), CreateOrUpdateRuleParam.class); - ManagementServer ms = asyncMgr.getExecutorContext().getManagementServer(); - - try { - FirewallRuleVO fwRule = ms.updatePortForwardingRule(param.getUserId(), param.getAddress(), param.getPrivateIpAddress(), param.getPort(), param.getPrivatePort(), param.getProtocol()); - - if (fwRule != null) { - getAsyncJobMgr().completeAsyncJob(job.getId(), AsyncJobResult.STATUS_SUCCEEDED, 0, composeResultObject(ms, fwRule)); - } else { - getAsyncJobMgr().completeAsyncJob(job.getId(), AsyncJobResult.STATUS_FAILED, BaseCmd.INTERNAL_ERROR, "Internal error updating forwarding rule for address " + param.getAddress()); - } - } catch (Exception ex) { - s_logger.error("Unhandled exception updating port forwarding rule", ex); - getAsyncJobMgr().completeAsyncJob(job.getId(), AsyncJobResult.STATUS_FAILED, BaseCmd.INTERNAL_ERROR, "Internal error updating forwarding rule for address " + param.getAddress()); - } - return true; - } - */ - return true; - } - - private UpdatePortForwardingRuleResultObject composeResultObject(ManagementServer ms, FirewallRuleVO firewallRule) { - UpdatePortForwardingRuleResultObject resultObject = new UpdatePortForwardingRuleResultObject(); - - IPAddressVO ipAddressVO = ms.findIPAddressById(firewallRule.getPublicIpAddress()); - Criteria c = new Criteria(); - c.addCriteria(Criteria.ACCOUNTID, new Object[] {ipAddressVO.getAccountId()}); - c.addCriteria(Criteria.DATACENTERID, ipAddressVO.getDataCenterId()); - c.addCriteria(Criteria.IPADDRESS, firewallRule.getPrivateIpAddress()); - List userVMs = ms.searchForUserVMs(c); - - if ((userVMs != null) && (userVMs.size() > 0)) { - UserVmVO userVM = userVMs.get(0); - resultObject.setVirtualMachineId(userVM.getId()); - resultObject.setVirtualMachineName(userVM.getHostName()); - resultObject.setVirtualMachineDisplayName(userVM.getDisplayName()); - } - - resultObject.setId(firewallRule.getId()); - resultObject.setPublicIp(firewallRule.getPublicIpAddress()); - resultObject.setPrivateIp(firewallRule.getPrivateIpAddress()); - resultObject.setPublicPort(firewallRule.getPublicPort()); - resultObject.setPrivatePort(firewallRule.getPrivatePort()); - resultObject.setProtocol(firewallRule.getProtocol()); - - return resultObject; - } -} diff --git a/server/src/com/cloud/configuration/DefaultComponentLibrary.java b/server/src/com/cloud/configuration/DefaultComponentLibrary.java index fe1c9f8cbdc..99dc726a6cf 100644 --- a/server/src/com/cloud/configuration/DefaultComponentLibrary.java +++ b/server/src/com/cloud/configuration/DefaultComponentLibrary.java @@ -41,6 +41,7 @@ import com.cloud.configuration.dao.ConfigurationDaoImpl; import com.cloud.configuration.dao.ResourceCountDaoImpl; import com.cloud.configuration.dao.ResourceLimitDaoImpl; import com.cloud.consoleproxy.AgentBasedStandaloneConsoleProxyManager; +import com.cloud.dao.EntityManager; import com.cloud.dao.EntityManagerImpl; import com.cloud.dc.dao.AccountVlanMapDaoImpl; import com.cloud.dc.dao.ClusterDaoImpl; @@ -60,6 +61,7 @@ import com.cloud.maid.dao.StackMaidDaoImpl; import com.cloud.maint.UpgradeManagerImpl; import com.cloud.maint.dao.AgentUpgradeDaoImpl; import com.cloud.network.NetworkManagerImpl; +import com.cloud.network.dao.FirewallRulesDao; import com.cloud.network.dao.FirewallRulesDaoImpl; import com.cloud.network.dao.IPAddressDaoImpl; import com.cloud.network.dao.LoadBalancerDaoImpl; @@ -68,6 +70,7 @@ import com.cloud.network.dao.NetworkDaoImpl; import com.cloud.network.dao.NetworkRuleConfigDaoImpl; import com.cloud.network.dao.RemoteAccessVpnDaoImpl; import com.cloud.network.dao.VpnUserDaoImpl; +import com.cloud.network.lb.LoadBalancingRulesManagerImpl; import com.cloud.network.router.DomainRouterManagerImpl; import com.cloud.network.security.NetworkGroupManagerImpl; import com.cloud.network.security.dao.IngressRuleDaoImpl; @@ -126,7 +129,7 @@ import com.cloud.vm.dao.VMInstanceDaoImpl; public class DefaultComponentLibrary implements ComponentLibrary { - protected final Map>> _daos = new LinkedHashMap>>(); + protected final Map>> _daos = new LinkedHashMap>>(); protected ComponentInfo> addDao(String name, Class> clazz) { return addDao(name, clazz, new ArrayList>(), true); @@ -223,6 +226,7 @@ public class DefaultComponentLibrary implements ComponentLibrary { addDao("RemoteAccessVpnDao", RemoteAccessVpnDaoImpl.class); addDao("VpnUserDao", VpnUserDaoImpl.class); addDao("ItWorkDao", ItWorkDaoImpl.class); + addDao("FirewallRulesDao", FirewallRulesDao.class); } Map> _managers = new HashMap>(); @@ -274,6 +278,7 @@ public class DefaultComponentLibrary implements ComponentLibrary { addManager("VmManager", MauriceMoss.class); addManager("DomainRouterManager", DomainRouterManagerImpl.class); addManager("EntityManager", EntityManagerImpl.class); + addManager("LoadBalancingRulesManager", LoadBalancingRulesManagerImpl.class); } protected List> addAdapterChain(Class interphace, List>> adapters) { @@ -311,4 +316,11 @@ public class DefaultComponentLibrary implements ComponentLibrary { } return _adapters; } + + @Override + public synchronized Map, Class> getFactories() { + HashMap, Class> factories = new HashMap, Class>(); + factories.put(EntityManager.class, EntityManagerImpl.class); + return factories; + } } diff --git a/server/src/com/cloud/dao/EntityManagerImpl.java b/server/src/com/cloud/dao/EntityManagerImpl.java index 2b287257f7f..0a968ec0b9d 100644 --- a/server/src/com/cloud/dao/EntityManagerImpl.java +++ b/server/src/com/cloud/dao/EntityManagerImpl.java @@ -24,6 +24,8 @@ import java.util.Map; import javax.ejb.Local; import javax.naming.ConfigurationException; +import net.sf.ehcache.Cache; + import com.cloud.utils.component.Manager; import com.cloud.utils.db.GenericDao; import com.cloud.utils.db.GenericDaoBase; @@ -35,7 +37,8 @@ import com.cloud.utils.db.SearchCriteria; @SuppressWarnings("unchecked") public class EntityManagerImpl implements EntityManager, Manager { String _name; - + Cache _cache; + @Override public T findById(Class entityType, K id) { GenericDao dao = (GenericDao)GenericDaoBase.getDao(entityType); @@ -74,9 +77,25 @@ public class EntityManagerImpl implements EntityManager, Manager { @Override public boolean configure(String name, Map params) throws ConfigurationException { _name = name; + /* + String threadId = Long.toString(Thread.currentThread().getId()); + CacheManager cm = CacheManager.create(); + + _cache = cm.getCache(threadId); + + if (_cache == null) { + int maxElements = NumbersUtil.parseInt((String)params.get("cache.size"), 100); + int live = NumbersUtil.parseInt((String)params.get("cache.time.to.live"), 300); + int idle = NumbersUtil.parseInt((String)params.get("cache.time.to.idle"), 300); + + _cache = new Cache(threadId, maxElements, false, live == -1, live == -1 ? Integer.MAX_VALUE : live, idle); + cm.addCache(_cache); + + }*/ + return true; - } + } @Override public boolean start() { diff --git a/server/src/com/cloud/network/HAProxyConfigurator.java b/server/src/com/cloud/network/HAProxyConfigurator.java index bae703d8e23..2a834a67436 100644 --- a/server/src/com/cloud/network/HAProxyConfigurator.java +++ b/server/src/com/cloud/network/HAProxyConfigurator.java @@ -25,6 +25,7 @@ import java.util.List; import java.util.Map; import java.util.Set; +import com.cloud.agent.api.to.PortForwardingRuleTO; import com.cloud.utils.net.NetUtils; @@ -64,17 +65,17 @@ public class HAProxyConfigurator implements LoadBalancerConfigurator { }; @Override - public String[] generateConfiguration(List fwRules) { + public String[] generateConfiguration(List fwRules) { //Group the rules by publicip:publicport - Map> pools = new HashMap>(); + Map> pools = new HashMap>(); - for(FirewallRuleVO rule:fwRules) { + for(PortForwardingRuleTO rule:fwRules) { StringBuilder sb = new StringBuilder(); - String poolName = sb.append(rule.getPublicIpAddress().replace(".", "_")).append('-').append(rule.getPublicPort()).toString(); - if (rule.isEnabled() && !rule.isForwarding()) { - List fwList = pools.get(poolName); + String poolName = sb.append(rule.getSrcIp().replace(".", "_")).append('-').append(rule.getSrcPortRange()[0]).toString(); + if (!rule.revoked()) { + List fwList = pools.get(poolName); if (fwList == null) { - fwList = new ArrayList(); + fwList = new ArrayList(); pools.put(poolName, fwList); } fwList.add(rule); @@ -95,7 +96,7 @@ public class HAProxyConfigurator implements LoadBalancerConfigurator { } result.add(getBlankLine()); - for (Map.Entry> e : pools.entrySet()){ + for (Map.Entry> e : pools.entrySet()){ List poolRules = getRulesForPool(e.getKey(), e.getValue()); result.addAll(poolRules); } @@ -103,11 +104,11 @@ public class HAProxyConfigurator implements LoadBalancerConfigurator { return result.toArray(new String[result.size()]); } - private List getRulesForPool(String poolName, List fwRules) { - FirewallRuleVO firstRule = fwRules.get(0); - String publicIP = firstRule.getPublicIpAddress(); - String publicPort = firstRule.getPublicPort(); - String algorithm = firstRule.getAlgorithm(); + private List getRulesForPool(String poolName, List fwRules) { + PortForwardingRuleTO firstRule = fwRules.get(0); + String publicIP = firstRule.getSrcIp(); + String publicPort = Integer.toString(firstRule.getSrcPortRange()[0]); +// FIXEME: String algorithm = firstRule.getAlgorithm(); List result = new ArrayList(); //add line like this: "listen 65_37_141_30-80 65.37.141.30:80" @@ -116,7 +117,7 @@ public class HAProxyConfigurator implements LoadBalancerConfigurator { .append(publicIP).append(":").append(publicPort); result.add(sb.toString()); sb = new StringBuilder(); - sb.append("\t").append("balance ").append(algorithm); +//FIXME sb.append("\t").append("balance ").append(algorithm); result.add(sb.toString()); if (publicPort.equals(NetUtils.HTTP_PORT)) { sb = new StringBuilder(); @@ -127,14 +128,15 @@ public class HAProxyConfigurator implements LoadBalancerConfigurator { result.add(sb.toString()); } int i=0; - for (FirewallRuleVO rule: fwRules) { + for (PortForwardingRuleTO rule: fwRules) { //add line like this: "server 65_37_141_30-80_3 10.1.1.4:80 check" - if (!rule.isEnabled()) - continue; + if (rule.revoked()) { + continue; + } sb = new StringBuilder(); sb.append("\t").append("server ").append(poolName) .append("_").append(Integer.toString(i++)).append(" ") - .append(rule.getPrivateIpAddress()).append(":").append(rule.getPrivatePort()) + .append(rule.getDstIp()).append(":").append(rule.getDstPortRange()[0]) .append(" check"); result.add(sb.toString()); } @@ -147,24 +149,22 @@ public class HAProxyConfigurator implements LoadBalancerConfigurator { } @Override - public String[][] generateFwRules(List fwRules) { + public String[][] generateFwRules(List fwRules) { String [][] result = new String [2][]; Set toAdd = new HashSet(); Set toRemove = new HashSet(); for (int i = 0; i < fwRules.size(); i++) { - FirewallRuleVO rule = fwRules.get(i); - if (rule.isForwarding()) - continue; + PortForwardingRuleTO rule = fwRules.get(i); String vlanNetmask = rule.getVlanNetmask(); StringBuilder sb = new StringBuilder(); - sb.append(rule.getPublicIpAddress()).append(":"); - sb.append(rule.getPublicPort()).append(":"); + sb.append(rule.getSrcIp()).append(":"); + sb.append(rule.getSrcPortRange()[0]).append(":"); sb.append(vlanNetmask); String lbRuleEntry = sb.toString(); - if (rule.isEnabled()) { + if (!rule.revoked()) { toAdd.add(lbRuleEntry); } else { toRemove.add(lbRuleEntry); @@ -176,5 +176,4 @@ public class HAProxyConfigurator implements LoadBalancerConfigurator { return result; } - } diff --git a/server/src/com/cloud/network/IPAddressVO.java b/server/src/com/cloud/network/IPAddressVO.java index 0592921893f..08a34ab8ae7 100644 --- a/server/src/com/cloud/network/IPAddressVO.java +++ b/server/src/com/cloud/network/IPAddressVO.java @@ -141,6 +141,10 @@ public class IPAddressVO implements IpAddress { @Override public void setOneToOneNat(boolean oneToOneNat) { this.oneToOneNat = oneToOneNat; + } + + @Override + public String toString() { + return new StringBuilder("Ip[").append(address).append("-").append(dataCenterId).append("]").toString(); } - } diff --git a/server/src/com/cloud/network/LoadBalancerVMMapVO.java b/server/src/com/cloud/network/LoadBalancerVMMapVO.java index 72d8599bc25..f8381a9bc8b 100644 --- a/server/src/com/cloud/network/LoadBalancerVMMapVO.java +++ b/server/src/com/cloud/network/LoadBalancerVMMapVO.java @@ -18,12 +18,12 @@ package com.cloud.network; -import javax.persistence.Column; -import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; -import javax.persistence.Table; +import javax.persistence.Column; +import javax.persistence.Entity; +import javax.persistence.GeneratedValue; +import javax.persistence.GenerationType; +import javax.persistence.Id; +import javax.persistence.Table; @Entity @Table(name=("load_balancer_vm_map")) @@ -31,7 +31,7 @@ public class LoadBalancerVMMapVO { @Id @GeneratedValue(strategy=GenerationType.IDENTITY) @Column(name="id") - private Long id; + private long id; @Column(name="load_balancer_id") private long loadBalancerId; @@ -55,7 +55,7 @@ public class LoadBalancerVMMapVO { this.pending = pending; } - public Long getId() { + public long getId() { return id; } diff --git a/server/src/com/cloud/network/LoadBalancerVO.java b/server/src/com/cloud/network/LoadBalancerVO.java index b929df23bbb..7e7788f7c60 100644 --- a/server/src/com/cloud/network/LoadBalancerVO.java +++ b/server/src/com/cloud/network/LoadBalancerVO.java @@ -18,127 +18,80 @@ package com.cloud.network; +import java.util.List; + import javax.persistence.Column; import javax.persistence.Entity; -import javax.persistence.GeneratedValue; -import javax.persistence.GenerationType; -import javax.persistence.Id; import javax.persistence.PrimaryKeyJoinColumn; import javax.persistence.SecondaryTable; import javax.persistence.Table; + +import com.cloud.network.rules.FirewallRuleVO; +import com.cloud.network.rules.LoadBalancer; +import com.cloud.utils.net.Ip; +import com.cloud.utils.net.NetUtils; @Entity @Table(name=("load_balancer")) @SecondaryTable(name="account", pkJoinColumns={@PrimaryKeyJoinColumn(name="account_id", referencedColumnName="id")}) -public class LoadBalancerVO implements LoadBalancer { - @Id - @GeneratedValue(strategy=GenerationType.IDENTITY) - @Column(name="id") - private long id; - +public class LoadBalancerVO extends FirewallRuleVO implements LoadBalancer { + @Column(name="name") private String name; @Column(name="description") private String description; - @Column(name="account_id") - private long accountId; - - @Column(name="domain_id", table="account", insertable=false, updatable=false) - private long domainId; - - @Column(name="account_name", table="account", insertable=false, updatable=false) - private String accountName = null; - - @Column(name="ip_address") - private String ipAddress; - - @Column(name="public_port") - private String publicPort; - - @Column(name="private_port") - private String privatePort; - @Column(name="algorithm") - private String algorithm; - - public LoadBalancerVO() { } - - public LoadBalancerVO(String name, String description, long accountId, String ipAddress, String publicPort, String privatePort, String algorithm) { - this.name = name; - this.description = description; - this.accountId = accountId; - this.ipAddress = ipAddress; - this.publicPort = publicPort; - this.privatePort = privatePort; - this.algorithm = algorithm; + private String algorithm; + + @Column(name="dest_port_start") + private int defaultPortStart; + + @Column(name="dest_port_end") + private int defaultPortEnd; + + public LoadBalancerVO() { } - - @Override - public long getId() { - return id; - } - + + public LoadBalancerVO(String xId, String name, String description, Ip srcIp, int srcPort, int dstPort, String algorithm, long networkId, long accountId, long domainId) { + super(xId, srcIp, srcPort, NetUtils.TCP_PROTO, networkId, accountId, domainId, Purpose.LoadBalancing); + this.name = name; + this.description = description; + this.algorithm = algorithm; + this.defaultPortStart = dstPort; + this.defaultPortEnd = dstPort; + } + @Override public String getName() { return name; } - @Override - public void setName(String name) { - this.name = name; - } @Override public String getDescription() { return description; } - @Override - public void setDescription(String description) { - this.description = description; - } - - @Override - public long getAccountId() { - return accountId; - } - - @Override - public String getIpAddress() { - return ipAddress; - } - - @Override - public String getPublicPort() { - return publicPort; - } - - @Override - public String getPrivatePort() { - return privatePort; - } - @Override - public void setPrivatePort(String privatePort) { - this.privatePort = privatePort; - } @Override public String getAlgorithm() { return algorithm; } + @Override - public void setAlgorithm(String algorithm) { - this.algorithm = algorithm; + public int getDefaultPortStart() { + return defaultPortStart; } - + @Override - public Long getDomainId() { - return domainId; - } - + public int getDefaultPortEnd() { + return defaultPortEnd; + } + @Override - public String getAccountName() { - return accountName; + public List getDestinations() { + // TODO Auto-generated method stub + return null; } } diff --git a/server/src/com/cloud/network/NetworkManager.java b/server/src/com/cloud/network/NetworkManager.java index 06ec7fd910a..3b2822647b0 100644 --- a/server/src/com/cloud/network/NetworkManager.java +++ b/server/src/com/cloud/network/NetworkManager.java @@ -34,11 +34,13 @@ import com.cloud.exception.ResourceAllocationException; import com.cloud.exception.ResourceUnavailableException; import com.cloud.hypervisor.Hypervisor.HypervisorType; import com.cloud.network.router.VirtualRouter; +import com.cloud.network.rules.FirewallRule; import com.cloud.offerings.NetworkOfferingVO; import com.cloud.service.ServiceOfferingVO; import com.cloud.user.Account; import com.cloud.user.AccountVO; import com.cloud.utils.Pair; +import com.cloud.utils.net.Ip; import com.cloud.vm.DomainRouterVO; import com.cloud.vm.Nic; import com.cloud.vm.NicProfile; @@ -140,28 +142,6 @@ public interface NetworkManager extends NetworkService { */ public String assignSourceNatIpAddress(Account account, DataCenterVO dc, String domain, ServiceOfferingVO so, long startEventId, HypervisorType hyperType) throws ResourceAllocationException; - /** - * @param fwRules list of rules to be updated - * @param router router where the rules have to be updated - * @return list of rules successfully updated - */ - public List updatePortForwardingRules(List fwRules, DomainRouterVO router, Long hostId); - - /** - * @param fwRules list of rules to be updated - * @param router router where the rules have to be updated - * @return success - */ - public boolean updateLoadBalancerRules(List fwRules, DomainRouterVO router, Long hostId); - - /** - * @param publicIpAddress public ip address associated with the fwRules - * @param fwRules list of rules to be updated - * @param router router where the rules have to be updated - * @return list of rules successfully updated - */ - public List updateFirewallRules(String publicIpAddress, List fwRules, DomainRouterVO router); - /** * Associates or disassociates a list of public IP address for a router. * @param router router object to send the association to @@ -181,8 +161,6 @@ public interface NetworkManager extends NetworkService { */ boolean associateIP(DomainRouterVO router, String ipAddress, boolean add, long vmId) throws ResourceAllocationException; - boolean updateFirewallRule(FirewallRuleVO fwRule, String oldPrivateIP, String oldPrivatePort); - /** * Add a DHCP entry on the domr dhcp server @@ -240,7 +218,8 @@ public interface NetworkManager extends NetworkService { List setupNetworkConfiguration(Account owner, ServiceOfferingVO offering, DeploymentPlan plan); String assignSourceNatIpAddress(Account account, DataCenter dc) throws InsufficientAddressCapacityException; - Network getNetworkConfiguration(long id); + Network getNetwork(long id); String getNextAvailableMacAddressInNetwork(long networkConfigurationId) throws InsufficientAddressCapacityException; + boolean applyRules(Ip ip, List rules, boolean continueOnError) throws ResourceUnavailableException; } diff --git a/server/src/com/cloud/network/NetworkManagerImpl.java b/server/src/com/cloud/network/NetworkManagerImpl.java index a805d08baaa..9c0b37e240c 100755 --- a/server/src/com/cloud/network/NetworkManagerImpl.java +++ b/server/src/com/cloud/network/NetworkManagerImpl.java @@ -23,10 +23,8 @@ import java.util.Arrays; import java.util.Collections; import java.util.Comparator; import java.util.HashMap; -import java.util.HashSet; import java.util.List; import java.util.Map; -import java.util.Set; import java.util.concurrent.ScheduledExecutorService; import javax.ejb.Local; @@ -39,29 +37,20 @@ import com.cloud.agent.AgentManager.OnError; import com.cloud.agent.api.Answer; import com.cloud.agent.api.routing.DhcpEntryCommand; import com.cloud.agent.api.routing.IPAssocCommand; -import com.cloud.agent.api.routing.LoadBalancerCfgCommand; -import com.cloud.agent.api.routing.SetFirewallRuleCommand; import com.cloud.agent.api.to.NicTO; import com.cloud.agent.manager.Commands; import com.cloud.alert.AlertManager; import com.cloud.api.BaseCmd; import com.cloud.api.ServerApiException; import com.cloud.api.commands.AddVpnUserCmd; -import com.cloud.api.commands.AssignToLoadBalancerRuleCmd; import com.cloud.api.commands.AssociateIPAddrCmd; -import com.cloud.api.commands.CreateLoadBalancerRuleCmd; import com.cloud.api.commands.CreateNetworkCmd; -import com.cloud.api.commands.CreatePortForwardingRuleCmd; import com.cloud.api.commands.CreateRemoteAccessVpnCmd; -import com.cloud.api.commands.DeleteLoadBalancerRuleCmd; import com.cloud.api.commands.DeleteNetworkCmd; import com.cloud.api.commands.DeleteRemoteAccessVpnCmd; import com.cloud.api.commands.DisassociateIPAddrCmd; import com.cloud.api.commands.ListNetworksCmd; -import com.cloud.api.commands.ListPortForwardingRulesCmd; -import com.cloud.api.commands.RemoveFromLoadBalancerRuleCmd; import com.cloud.api.commands.RemoveVpnUserCmd; -import com.cloud.api.commands.UpdateLoadBalancerRuleCmd; import com.cloud.async.AsyncJobManager; import com.cloud.capacity.dao.CapacityDao; import com.cloud.configuration.Config; @@ -94,12 +83,10 @@ import com.cloud.exception.InsufficientAddressCapacityException; import com.cloud.exception.InsufficientCapacityException; import com.cloud.exception.InsufficientNetworkCapacityException; import com.cloud.exception.InvalidParameterValueException; -import com.cloud.exception.NetworkRuleConflictException; import com.cloud.exception.OperationTimedoutException; import com.cloud.exception.PermissionDeniedException; import com.cloud.exception.ResourceAllocationException; import com.cloud.exception.ResourceUnavailableException; -import com.cloud.host.HostVO; import com.cloud.host.dao.HostDao; import com.cloud.hypervisor.Hypervisor.HypervisorType; import com.cloud.network.Networks.AddressFormat; @@ -134,7 +121,6 @@ import com.cloud.storage.dao.VolumeDao; import com.cloud.user.Account; import com.cloud.user.AccountManager; import com.cloud.user.AccountVO; -import com.cloud.user.User; import com.cloud.user.UserContext; import com.cloud.user.UserStatisticsVO; import com.cloud.user.dao.AccountDao; @@ -142,9 +128,6 @@ import com.cloud.user.dao.UserDao; import com.cloud.user.dao.UserStatisticsDao; import com.cloud.uservm.UserVm; import com.cloud.utils.Pair; -import com.cloud.utils.PasswordGenerator; -import com.cloud.utils.StringUtils; -import com.cloud.utils.Ternary; import com.cloud.utils.component.Adapters; import com.cloud.utils.component.Inject; import com.cloud.utils.component.Manager; @@ -156,6 +139,7 @@ import com.cloud.utils.db.SearchBuilder; import com.cloud.utils.db.SearchCriteria; import com.cloud.utils.db.Transaction; import com.cloud.utils.exception.CloudRuntimeException; +import com.cloud.utils.net.Ip; import com.cloud.utils.net.NetUtils; import com.cloud.vm.DomainRouterVO; import com.cloud.vm.Nic; @@ -821,812 +805,141 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag return answers[0].getResult(); } - @Override - public boolean updateFirewallRule(final FirewallRuleVO rule, String oldPrivateIP, String oldPrivatePort) { - - final IPAddressVO ipVO = _ipAddressDao.findById(rule.getPublicIpAddress()); - if (ipVO == null || ipVO.getAllocated() == null) { - return false; - } - - final DomainRouterVO router = _routerMgr.getRouter(ipVO.getAccountId(), ipVO.getDataCenterId()); - Long hostId = router.getHostId(); - if (router == null || router.getHostId() == null) { - return true; - } - - if (rule.isForwarding()) { - return updatePortForwardingRule(rule, router, hostId, oldPrivateIP, oldPrivatePort); - } else if (rule.getGroupId() != null) { - final List fwRules = _rulesDao.listIPForwardingForLB(ipVO.getAccountId(), ipVO.getDataCenterId()); - - return updateLoadBalancerRules(fwRules, router, hostId); - } - return true; - } - - @Override - public List updateFirewallRules(final String publicIpAddress, final List fwRules, final DomainRouterVO router) { - final List result = new ArrayList(); - if (fwRules.size() == 0) { - return result; - } - - if (router == null || router.getHostId() == null) { - return fwRules; - } else { - final HostVO host = _hostDao.findById(router.getHostId()); - return updateFirewallRules(host, router.getInstanceName(), router.getPrivateIpAddress(), fwRules); - } - } - - public List updateFirewallRules(final HostVO host, final String routerName, final String routerIp, final List fwRules) { - final List result = new ArrayList(); - if (fwRules.size() == 0) { - s_logger.debug("There are no firewall rules"); - return result; - } - - Commands cmds = new Commands(OnError.Continue); - final List lbRules = new ArrayList(); - final List fwdRules = new ArrayList(); - - int i=0; - for (FirewallRuleVO rule : fwRules) { - // Determine the VLAN ID and netmask of the rule's public IP address - IPAddressVO ip = _ipAddressDao.findById(rule.getPublicIpAddress()); - VlanVO vlan = _vlanDao.findById(new Long(ip.getVlanDbId())); - String vlanNetmask = vlan.getVlanNetmask(); - rule.setVlanNetmask(vlanNetmask); - - if (rule.isForwarding()) { - fwdRules.add(rule); - final SetFirewallRuleCommand cmd = new SetFirewallRuleCommand(routerName, routerIp, rule, true); - cmds.addCommand(cmd); - } else if (rule.getGroupId() != null){ - lbRules.add(rule); - } - - } - if (lbRules.size() > 0) { //at least one load balancer rule - final LoadBalancerConfigurator cfgrtr = new HAProxyConfigurator(); - final String [] cfg = cfgrtr.generateConfiguration(fwRules); - final String [][] addRemoveRules = cfgrtr.generateFwRules(fwRules); - final LoadBalancerCfgCommand cmd = new LoadBalancerCfgCommand(cfg, addRemoveRules, routerName, routerIp); - cmds.addCommand(cmd); - } - if (cmds.size() == 0) { - return result; - } - Answer [] answers = null; - try { - answers = _agentMgr.send(host.getId(), cmds); - } catch (final AgentUnavailableException e) { - s_logger.warn("agent unavailable", e); - } catch (final OperationTimedoutException e) { - s_logger.warn("Timed Out", e); - } - if (answers == null ){ - return result; - } - i=0; - for (final FirewallRuleVO rule:fwdRules){ - final Answer ans = answers[i++]; - if (ans != null) { - if (ans.getResult()) { - result.add(rule); - } else { - s_logger.warn("Unable to update firewall rule: " + rule.toString()); - } - } - } - if (i == (answers.length-1)) { - final Answer lbAnswer = answers[i]; - if (lbAnswer.getResult()) { - result.addAll(lbRules); - } else { - s_logger.warn("Unable to update lb rules."); - } - } - return result; - } - - private boolean updatePortForwardingRule(final FirewallRuleVO rule, final DomainRouterVO router, Long hostId, String oldPrivateIP, String oldPrivatePort) { - IPAddressVO ip = _ipAddressDao.findById(rule.getPublicIpAddress()); - VlanVO vlan = _vlanDao.findById(new Long(ip.getVlanDbId())); - rule.setVlanNetmask(vlan.getVlanNetmask()); - - final SetFirewallRuleCommand cmd = new SetFirewallRuleCommand(router.getInstanceName(), router.getPrivateIpAddress(), rule, oldPrivateIP, oldPrivatePort); - final Answer ans = _agentMgr.easySend(hostId, cmd); - if (ans == null) { - return false; - } else { - return ans.getResult(); - } - } - - @Override - public List updatePortForwardingRules(final List fwRules, final DomainRouterVO router, Long hostId ){ - final List fwdRules = new ArrayList(); - final List result = new ArrayList(); - - if (fwRules.size() == 0) { - return result; - } - - Commands cmds = new Commands(OnError.Continue); - int i=0; - for (final FirewallRuleVO rule: fwRules) { - IPAddressVO ip = _ipAddressDao.findById(rule.getPublicIpAddress()); - VlanVO vlan = _vlanDao.findById(new Long(ip.getVlanDbId())); - String vlanNetmask = vlan.getVlanNetmask(); - rule.setVlanNetmask(vlanNetmask); - if (rule.isForwarding()) { - fwdRules.add(rule); - final SetFirewallRuleCommand cmd = new SetFirewallRuleCommand(router.getInstanceName(), router.getPrivateIpAddress(),rule, false); - cmds.addCommand(cmd); - } - } - try { - _agentMgr.send(hostId, cmds); - } catch (final AgentUnavailableException e) { - s_logger.warn("agent unavailable", e); - } catch (final OperationTimedoutException e) { - s_logger.warn("Timed Out", e); - } - Answer[] answers = cmds.getAnswers(); - if (answers == null ){ - return result; - } - i=0; - for (final FirewallRuleVO rule:fwdRules){ - final Answer ans = answers[i++]; - if (ans != null) { - if (ans.getResult()) { - result.add(rule); - } - } - } - return result; - } - - @Override - public FirewallRuleVO createPortForwardingRule(CreatePortForwardingRuleCmd cmd) throws InvalidParameterValueException, PermissionDeniedException, NetworkRuleConflictException { - // validate IP Address exists - IPAddressVO ipAddress = _ipAddressDao.findById(cmd.getIpAddress()); - if (ipAddress == null) { - throw new InvalidParameterValueException("Unable to create port forwarding rule on address " + ipAddress + ", invalid IP address specified."); - } - - // validate user VM exists - UserVmVO userVM = _vmDao.findById(cmd.getVirtualMachineId()); - if (userVM == null) { - throw new InvalidParameterValueException("Unable to create port forwarding rule on address " + ipAddress + ", invalid virtual machine id specified (" + cmd.getVirtualMachineId() + ")."); - } - - // validate that IP address and userVM belong to the same account - if ((ipAddress.getAccountId() == null) || (ipAddress.getAccountId().longValue() != userVM.getAccountId())) { - throw new InvalidParameterValueException("Unable to create port forwarding rule, IP address " + ipAddress + " owner is not the same as owner of virtual machine " + userVM.toString()); - } - - // validate that userVM is in the same availability zone as the IP address - if (ipAddress.getDataCenterId() != userVM.getDataCenterId()) { - throw new InvalidParameterValueException("Unable to create port forwarding rule, IP address " + ipAddress + " is not in the same availability zone as virtual machine " + userVM.toString()); - } - - // if an admin account was passed in, or no account was passed in, make sure we honor the accountName/domainId parameters - Account account = UserContext.current().getAccount(); - if (account != null) { - if ((account.getType() == Account.ACCOUNT_TYPE_ADMIN) || (account.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN)) { - if (!_domainDao.isChildDomain(account.getDomainId(), userVM.getDomainId())) { - throw new PermissionDeniedException("Unable to create port forwarding rule, IP address " + ipAddress + " to virtual machine " + cmd.getVirtualMachineId() + ", permission denied."); - } - } else if (account.getId() != userVM.getAccountId()) { - throw new PermissionDeniedException("Unable to create port forwarding rule, IP address " + ipAddress + " to virtual machine " + cmd.getVirtualMachineId() + ", permission denied."); - } - } - - // set up some local variables - String protocol = cmd.getProtocol(); - String publicPort = cmd.getPublicPort(); - String privatePort = cmd.getPrivatePort(); - - // sanity check that the vm can be applied to the load balancer - ServiceOfferingVO offering = _serviceOfferingDao.findById(userVM.getServiceOfferingId()); - if ((offering == null) || !GuestIpType.Virtualized.equals(offering.getGuestIpType())) { - if (s_logger.isDebugEnabled()) { - s_logger.debug("Unable to create port forwarding rule (" + protocol + ":" + publicPort + "->" + privatePort + ") for virtual machine " + userVM.toString() + ", bad network type (" + ((offering == null) ? "null" : offering.getGuestIpType()) + ")"); - } - - throw new IllegalArgumentException("Unable to create port forwarding rule (" + protocol + ":" + publicPort + "->" + privatePort + ") for virtual machine " + userVM.toString() + ", bad network type (" + ((offering == null) ? "null" : offering.getGuestIpType()) + ")"); - } - - // check for ip address/port conflicts by checking existing forwarding and load balancing rules - List existingRulesOnPubIp = _rulesDao.listIPForwarding(ipAddress.getAddress()); - - // FIXME: The mapped ports should be String, String, List since more than one proto can be mapped... - Map>> mappedPublicPorts = new HashMap>>(); - - if (existingRulesOnPubIp != null) { - for (FirewallRuleVO fwRule : existingRulesOnPubIp) { - Ternary> portMappings = mappedPublicPorts.get(fwRule.getPublicPort()); - List protocolList = null; - if (portMappings == null) { - protocolList = new ArrayList(); - } else { - protocolList = portMappings.third(); - } - protocolList.add(fwRule.getProtocol()); - mappedPublicPorts.put(fwRule.getPublicPort(), new Ternary>(fwRule.getPrivateIpAddress(), fwRule.getPrivatePort(), protocolList)); - } - } - - Ternary> privateIpPort = mappedPublicPorts.get(publicPort); - if (privateIpPort != null) { - if (privateIpPort.first().equals(userVM.getGuestIpAddress()) && privateIpPort.second().equals(privatePort)) { - List protocolList = privateIpPort.third(); - for (String mappedProtocol : protocolList) { - if (mappedProtocol.equalsIgnoreCase(protocol)) { - if (s_logger.isDebugEnabled()) { - s_logger.debug("skipping the creating of firewall rule " + ipAddress + ":" + publicPort + " to " + userVM.getGuestIpAddress() + ":" + privatePort + "; rule already exists."); - } - // already mapped - throw new NetworkRuleConflictException("An existing port forwarding service rule for " + ipAddress + ":" + publicPort - + " already exists, found while trying to create mapping to " + userVM.getGuestIpAddress() + ":" + privatePort + "."); - } - } - } else { - // FIXME: Will we need to refactor this for both assign port forwarding service and create port forwarding rule? - // throw new NetworkRuleConflictException("An existing port forwarding service rule for " + ipAddress + ":" + publicPort - // + " already exists, found while trying to create mapping to " + userVM.getGuestIpAddress() + ":" + privatePort + ((securityGroupId == null) ? "." : " from port forwarding service " - // + securityGroupId.toString() + ".")); - throw new NetworkRuleConflictException("An existing port forwarding service rule for " + ipAddress + ":" + publicPort - + " already exists, found while trying to create mapping to " + userVM.getGuestIpAddress() + ":" + privatePort + "."); - } - } - - FirewallRuleVO newFwRule = new FirewallRuleVO(); - newFwRule.setEnabled(true); - newFwRule.setForwarding(true); - newFwRule.setPrivatePort(privatePort); - newFwRule.setProtocol(protocol); - newFwRule.setPublicPort(publicPort); - newFwRule.setPublicIpAddress(ipAddress.getAddress()); - newFwRule.setPrivateIpAddress(userVM.getGuestIpAddress()); - // newFwRule.setGroupId(securityGroupId); - newFwRule.setGroupId(null); - - // In 1.0 the rules were always persisted when a user created a rule. When the rules get sent down - // the stopOnError parameter is set to false, so the agent will apply all rules that it can. That - // behavior is preserved here by persisting the rule before sending it to the agent. - _rulesDao.persist(newFwRule); - - boolean success = updateFirewallRule(newFwRule, null, null); - - // Save and create the event - String description; - String ruleName = "ip forwarding"; - String level = EventVO.LEVEL_INFO; - - if (success == true) { - description = "created new " + ruleName + " rule [" + newFwRule.getPublicIpAddress() + ":" + newFwRule.getPublicPort() + "]->[" - + newFwRule.getPrivateIpAddress() + ":" + newFwRule.getPrivatePort() + "]" + " " + newFwRule.getProtocol(); - } else { - level = EventVO.LEVEL_ERROR; - description = "failed to create new " + ruleName + " rule [" + newFwRule.getPublicIpAddress() + ":" + newFwRule.getPublicPort() + "]->[" - + newFwRule.getPrivateIpAddress() + ":" + newFwRule.getPrivatePort() + "]" + " " + newFwRule.getProtocol(); - } - - EventUtils.saveEvent(UserContext.current().getUserId(), userVM.getAccountId(), level, EventTypes.EVENT_NET_RULE_ADD, description); - - return newFwRule; - } - - @Override - public List listPortForwardingRules(ListPortForwardingRulesCmd cmd) throws InvalidParameterValueException, PermissionDeniedException { - String ipAddress = cmd.getIpAddress(); - Account account = UserContext.current().getAccount(); - - IPAddressVO ipAddressVO = _ipAddressDao.findById(ipAddress); - if (ipAddressVO == null) { - throw new InvalidParameterValueException("Unable to find IP address " + ipAddress); - } - - Account addrOwner = _accountDao.findById(ipAddressVO.getAccountId()); - - // if an admin account was passed in, or no account was passed in, make sure we honor the accountName/domainId parameters - if ((account != null) && isAdmin(account.getType())) { - if (ipAddressVO.getAccountId() != null) { - if ((addrOwner != null) && !_domainDao.isChildDomain(account.getDomainId(), addrOwner.getDomainId())) { - throw new PermissionDeniedException("Unable to list port forwarding rules for address " + ipAddress + ", permission denied for account " + account.getId()); - } - } - } else { - if (account != null) { - if ((ipAddressVO.getAccountId() == null) || (account.getId() != ipAddressVO.getAccountId().longValue())) { - throw new PermissionDeniedException("Unable to list port forwarding rules for address " + ipAddress + ", permission denied for account " + account.getId()); - } - } - } - - return _rulesDao.listIPForwarding(cmd.getIpAddress(), true); - } - - @Override @DB - public boolean assignToLoadBalancer(AssignToLoadBalancerRuleCmd cmd) throws NetworkRuleConflictException { - Long loadBalancerId = cmd.getLoadBalancerId(); - Long instanceIdParam = cmd.getVirtualMachineId(); - List instanceIds = cmd.getVirtualMachineIds(); - - if ((instanceIdParam == null) && (instanceIds == null)) { - throw new InvalidParameterValueException("Unable to assign to load balancer " + loadBalancerId + ", no instance id is specified."); - } - - if ((instanceIds == null) && (instanceIdParam != null)) { - instanceIds = new ArrayList(); - instanceIds.add(instanceIdParam); - } - - // FIXME: We should probably lock the load balancer here to prevent multiple updates... - LoadBalancerVO loadBalancer = _loadBalancerDao.findById(loadBalancerId); - if (loadBalancer == null) { - throw new InvalidParameterValueException("Failed to assign to load balancer " + loadBalancerId + ", the load balancer was not found."); - } - - - // Permission check... - Account account = UserContext.current().getAccount(); - if (account != null) { - if (account.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN) { - if (!_domainDao.isChildDomain(account.getDomainId(), loadBalancer.getDomainId())) { - throw new PermissionDeniedException("Failed to assign to load balancer " + loadBalancerId + ", permission denied."); - } - } else if (account.getType() != Account.ACCOUNT_TYPE_ADMIN && account.getId() != loadBalancer.getAccountId()) { - throw new PermissionDeniedException("Failed to assign to load balancer " + loadBalancerId + ", permission denied."); - } - } - - Transaction txn = Transaction.currentTxn(); - List firewallRulesToApply = new ArrayList(); - long accountId = 0; - DomainRouterVO router = null; - - List mappedInstances = _loadBalancerVMMapDao.listByLoadBalancerId(loadBalancerId, false); - Set mappedInstanceIds = new HashSet(); - if (mappedInstances != null) { - for (LoadBalancerVMMapVO mappedInstance : mappedInstances) { - mappedInstanceIds.add(Long.valueOf(mappedInstance.getInstanceId())); - } - } - - List finalInstanceIds = new ArrayList(); - for (Long instanceId : instanceIds) { - if (mappedInstanceIds.contains(instanceId)) { - continue; - } else { - finalInstanceIds.add(instanceId); - } - - UserVmVO userVm = _vmDao.findById(instanceId); - if (userVm == null) { - s_logger.warn("Unable to find virtual machine with id " + instanceId); - throw new InvalidParameterValueException("Unable to find virtual machine with id " + instanceId); - } else { - // sanity check that the vm can be applied to the load balancer - ServiceOfferingVO offering = _serviceOfferingDao.findById(userVm.getServiceOfferingId()); - if ((offering == null) || !GuestIpType.Virtualized.equals(offering.getGuestIpType())) { - // we previously added these instanceIds to the loadBalancerVMMap, so remove them here as we are rejecting the API request - // without actually modifying the load balancer - _loadBalancerVMMapDao.remove(loadBalancerId, instanceIds, Boolean.TRUE); - - if (s_logger.isDebugEnabled()) { - s_logger.debug("Unable to add virtual machine " + userVm.toString() + " to load balancer " + loadBalancerId + ", bad network type (" + ((offering == null) ? "null" : offering.getGuestIpType()) + ")"); - } - - throw new InvalidParameterValueException("Unable to add virtual machine " + userVm.toString() + " to load balancer " + loadBalancerId + ", bad network type (" + ((offering == null) ? "null" : offering.getGuestIpType()) + ")"); - } - } - - if (accountId == 0) { - accountId = userVm.getAccountId(); - } else if (accountId != userVm.getAccountId()) { - s_logger.warn("guest vm " + userVm.getHostName() + " (id:" + userVm.getId() + ") belongs to account " + userVm.getAccountId() - + ", previous vm in list belongs to account " + accountId); - throw new InvalidParameterValueException("guest vm " + userVm.getHostName() + " (id:" + userVm.getId() + ") belongs to account " + userVm.getAccountId() - + ", previous vm in list belongs to account " + accountId); - } - - DomainRouterVO nextRouter = null; - if (userVm.getDomainRouterId() != null) { - nextRouter = _routerMgr.getRouter(userVm.getDomainRouterId()); - } - if (nextRouter == null) { - s_logger.warn("Unable to find router (" + userVm.getDomainRouterId() + ") for virtual machine with id " + instanceId); - throw new InvalidParameterValueException("Unable to find router (" + userVm.getDomainRouterId() + ") for virtual machine with id " + instanceId); - } - - if (router == null) { - router = nextRouter; - - // Make sure owner of router is owner of load balancer. Since we are already checking that all VMs belong to the same router, by checking router - // ownership once we'll make sure all VMs belong to the owner of the load balancer. - if (router.getAccountId() != loadBalancer.getAccountId()) { - throw new InvalidParameterValueException("guest vm " + userVm.getHostName() + " (id:" + userVm.getId() + ") does not belong to the owner of load balancer " + - loadBalancer.getName() + " (owner is account id " + loadBalancer.getAccountId() + ")"); - } - } else if (router.getId() != nextRouter.getId()) { - throw new InvalidParameterValueException("guest vm " + userVm.getHostName() + " (id:" + userVm.getId() + ") belongs to router " + nextRouter.getHostName() - + ", previous vm in list belongs to router " + router.getHostName()); - } - - // check for ip address/port conflicts by checking exising forwarding and loadbalancing rules - String ipAddress = loadBalancer.getIpAddress(); - String privateIpAddress = userVm.getGuestIpAddress(); - List existingRulesOnPubIp = _rulesDao.listIPForwarding(ipAddress); - - if (existingRulesOnPubIp != null) { - for (FirewallRuleVO fwRule : existingRulesOnPubIp) { - if (!( (fwRule.isForwarding() == false) && - (fwRule.getGroupId() != null) && - (fwRule.getGroupId() == loadBalancer.getId()) )) { - // if the rule is not for the current load balancer, check to see if the private IP is our target IP, - // in which case we have a conflict - if (fwRule.getPublicPort().equals(loadBalancer.getPublicPort())) { - throw new NetworkRuleConflictException("An existing port forwarding service rule for " + ipAddress + ":" + loadBalancer.getPublicPort() - + " exists, found while trying to apply load balancer " + loadBalancer.getName() + " (id:" + loadBalancer.getId() + ") to instance " - + userVm.getHostName() + "."); - } - } else if (fwRule.getPrivateIpAddress().equals(privateIpAddress) && fwRule.getPrivatePort().equals(loadBalancer.getPrivatePort()) && fwRule.isEnabled()) { - // for the current load balancer, don't add the same instance to the load balancer more than once - continue; - } - } - } - - FirewallRuleVO newFwRule = new FirewallRuleVO(); - newFwRule.setAlgorithm(loadBalancer.getAlgorithm()); - newFwRule.setEnabled(true); - newFwRule.setForwarding(false); - newFwRule.setPrivatePort(loadBalancer.getPrivatePort()); - newFwRule.setPublicPort(loadBalancer.getPublicPort()); - newFwRule.setPublicIpAddress(loadBalancer.getIpAddress()); - newFwRule.setPrivateIpAddress(userVm.getGuestIpAddress()); - newFwRule.setGroupId(loadBalancer.getId()); - - firewallRulesToApply.add(newFwRule); - } - - // if there's no work to do, bail out early rather than reconfiguring the proxy with the existing rules - if (firewallRulesToApply.isEmpty()) { - return true; - } - - //Sync on domR - if(router == null){ - throw new InvalidParameterValueException("Failed to assign to load balancer " + loadBalancerId + ", the domain router was not found at " + loadBalancer.getIpAddress()); - } - else{ - cmd.synchronizeCommand("Router", router.getId()); - } - - IPAddressVO ipAddr = _ipAddressDao.findById(loadBalancer.getIpAddress()); - List ipAddrs = listPublicIpAddressesInVirtualNetwork(accountId, ipAddr.getDataCenterId(), null); - for (IPAddressVO ipv : ipAddrs) { - List rules = _rulesDao.listIpForwardingRulesForLoadBalancers(ipv.getAddress()); - firewallRulesToApply.addAll(rules); - } - - txn.start(); - - List updatedRules = null; - if (router.getState().equals(State.Starting)) { - // Starting is a special case...if the router is starting that means the IP address hasn't yet been assigned to the domR and the update firewall rules script will fail. - // In this case, just store the rules and they will be applied when the router state is resent (after the router is started). - updatedRules = firewallRulesToApply; - } else { - updatedRules = updateFirewallRules(loadBalancer.getIpAddress(), firewallRulesToApply, router); - } - - // Save and create the event - String description; - String type = EventTypes.EVENT_NET_RULE_ADD; - String ruleName = "load balancer"; - String level = EventVO.LEVEL_INFO; - - LoadBalancerVO loadBalancerLock = null; - try { - loadBalancerLock = _loadBalancerDao.acquireInLockTable(loadBalancerId); - if (loadBalancerLock == null) { - s_logger.warn("assignToLoadBalancer: Failed to lock load balancer " + loadBalancerId + ", proceeding with updating loadBalancerVMMappings..."); - } - if ((updatedRules != null) && (updatedRules.size() == firewallRulesToApply.size())) { - // flag the instances as mapped to the load balancer - for (Long addedInstanceId : finalInstanceIds) { - LoadBalancerVMMapVO mappedVM = new LoadBalancerVMMapVO(loadBalancerId, addedInstanceId); - _loadBalancerVMMapDao.persist(mappedVM); - } - - /* We used to add these instances as pending when the API command is received on the server, and once they were applied, - * the pending status was removed. In the 2.2 API framework, this is no longer done and instead the new mappings just - * need to be persisted - List pendingMappedVMs = _loadBalancerVMMapDao.listByLoadBalancerId(loadBalancerId, true); - for (LoadBalancerVMMapVO pendingMappedVM : pendingMappedVMs) { - if (instanceIds.contains(pendingMappedVM.getInstanceId())) { - LoadBalancerVMMapVO pendingMappedVMForUpdate = _loadBalancerVMMapDao.createForUpdate(); - pendingMappedVMForUpdate.setPending(false); - _loadBalancerVMMapDao.update(pendingMappedVM.getId(), pendingMappedVMForUpdate); - } - } - */ - - for (FirewallRuleVO updatedRule : updatedRules) { - _rulesDao.persist(updatedRule); - - description = "created new " + ruleName + " rule [" + updatedRule.getPublicIpAddress() + ":" - + updatedRule.getPublicPort() + "]->[" + updatedRule.getPrivateIpAddress() + ":" - + updatedRule.getPrivatePort() + "]" + " " + updatedRule.getProtocol(); - - EventUtils.saveEvent(UserContext.current().getUserId(), loadBalancer.getAccountId(), level, type, description); - } - txn.commit(); - return true; - } else { - // Remove the instanceIds from the load balancer since there was a failure. Make sure to commit the - // transaction here, otherwise the act of throwing the internal error exception will cause this - // remove operation to be rolled back. - _loadBalancerVMMapDao.remove(loadBalancerId, instanceIds, null); - txn.commit(); - - s_logger.warn("Failed to apply load balancer " + loadBalancer.getName() + " (id:" + loadBalancerId + ") to guest virtual machines " + StringUtils.join(instanceIds, ",")); - throw new CloudRuntimeException("Failed to apply load balancer " + loadBalancer.getName() + " (id:" + loadBalancerId + ") to guest virtual machine " + StringUtils.join(instanceIds, ",")); - } - } finally { - if (loadBalancerLock != null) { - _loadBalancerDao.releaseFromLockTable(loadBalancerId); - } - } - } - - @Override @DB - public LoadBalancer createLoadBalancerRule(CreateLoadBalancerRuleCmd cmd) throws InvalidParameterValueException, PermissionDeniedException { - String publicIp = cmd.getPublicIp(); - - // make sure ip address exists - IPAddressVO ipAddr = _ipAddressDao.findById(cmd.getPublicIp()); - if (ipAddr == null) { - throw new InvalidParameterValueException("Unable to create load balancer rule, invalid IP address " + publicIp); - } - - VlanVO vlan = _vlanDao.findById(ipAddr.getVlanDbId()); - if (vlan != null) { - if (!VlanType.VirtualNetwork.equals(vlan.getVlanType())) { - throw new InvalidParameterValueException("Unable to create load balancer rule for IP address " + publicIp + ", only VirtualNetwork type IP addresses can be used for load balancers."); - } - } // else ERROR? - - // Verify input parameters - if ((ipAddr.getAccountId() == null) || (ipAddr.getAllocated() == null)) { - throw new InvalidParameterValueException("Unable to create load balancer rule, cannot find account owner for ip " + publicIp); - } - - Account account = UserContext.current().getAccount(); - if (account != null) { - if ((account.getType() == Account.ACCOUNT_TYPE_ADMIN) || (account.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN)) { - if (!_domainDao.isChildDomain(account.getDomainId(), ipAddr.getDomainId())) { - throw new PermissionDeniedException("Unable to create load balancer rule on IP address " + publicIp + ", permission denied."); - } - } else if (account.getId() != ipAddr.getAccountId().longValue()) { - throw new PermissionDeniedException("Unable to create load balancer rule, account " + account.getAccountName() + " doesn't own ip address " + publicIp); - } - } - - String loadBalancerName = cmd.getLoadBalancerRuleName(); - LoadBalancerVO existingLB = _loadBalancerDao.findByAccountAndName(ipAddr.getAccountId(), loadBalancerName); - if (existingLB != null) { - throw new InvalidParameterValueException("Unable to create load balancer rule, an existing load balancer rule with name " + loadBalancerName + " already exists."); - } - - // validate params - String publicPort = cmd.getPublicPort(); - String privatePort = cmd.getPrivatePort(); - String algorithm = cmd.getAlgorithm(); - - if (!NetUtils.isValidPort(publicPort)) { - throw new InvalidParameterValueException("publicPort is an invalid value"); - } - if (!NetUtils.isValidPort(privatePort)) { - throw new InvalidParameterValueException("privatePort is an invalid value"); - } - if ((algorithm == null) || !NetUtils.isValidAlgorithm(algorithm)) { - throw new InvalidParameterValueException("Invalid algorithm"); - } - - boolean locked = false; - try { - LoadBalancerVO exitingLB = _loadBalancerDao.findByIpAddressAndPublicPort(publicIp, publicPort); - if (exitingLB != null) { - throw new InvalidParameterValueException("IP Address/public port already load balanced by an existing load balancer rule"); - } - - List existingFwRules = _rulesDao.listIPForwarding(publicIp, publicPort, true); - if ((existingFwRules != null) && !existingFwRules.isEmpty()) { - throw new InvalidParameterValueException("IP Address (" + publicIp + ") and port (" + publicPort + ") already in use"); - } - - ipAddr = _ipAddressDao.acquireInLockTable(publicIp); - if (ipAddr == null) { - throw new PermissionDeniedException("User does not own ip address " + publicIp); - } - - locked = true; - - LoadBalancerVO loadBalancer = new LoadBalancerVO(loadBalancerName, cmd.getDescription(), ipAddr.getAccountId(), publicIp, publicPort, privatePort, algorithm); - loadBalancer = _loadBalancerDao.persist(loadBalancer); - Long id = loadBalancer.getId(); - - // Save off information for the event that the security group was applied - Long userId = UserContext.current().getUserId(); - if (userId == null) { - userId = Long.valueOf(User.UID_SYSTEM); - } - - EventVO event = new EventVO(); - event.setUserId(userId); - event.setAccountId(ipAddr.getAccountId()); - event.setType(EventTypes.EVENT_LOAD_BALANCER_CREATE); - - if (id == null) { - event.setDescription("Failed to create load balancer " + loadBalancer.getName() + " on ip address " + publicIp + "[" + publicPort + "->" + privatePort + "]"); - event.setLevel(EventVO.LEVEL_ERROR); - } else { - event.setDescription("Successfully created load balancer " + loadBalancer.getName() + " on ip address " + publicIp + "[" + publicPort + "->" + privatePort + "]"); - String params = "id="+loadBalancer.getId()+"\ndcId="+ipAddr.getDataCenterId(); - event.setParameters(params); - event.setLevel(EventVO.LEVEL_INFO); - } - _eventDao.persist(event); - - return _loadBalancerDao.findById(id); - } finally { - if (locked) { - _ipAddressDao.releaseFromLockTable(publicIp); - } - } - } - @Override @DB public boolean releasePublicIpAddress(long userId, final String ipAddress) { - IPAddressVO ip = null; - try { - ip = _ipAddressDao.acquireInLockTable(ipAddress); - - if (ip == null) { - s_logger.warn("Unable to find allocated ip: " + ipAddress); - return false; - } - - if(s_logger.isDebugEnabled()) { - s_logger.debug("lock on ip " + ipAddress + " is acquired"); - } - - if (ip.getAllocated() == null) { - s_logger.warn("ip: " + ipAddress + " is already released"); - return false; - } - - if (s_logger.isDebugEnabled()) { - s_logger.debug("Releasing ip " + ipAddress + "; sourceNat = " + ip.isSourceNat()); - } - - final List ipAddrs = new ArrayList(); - ipAddrs.add(ip.getAddress()); - final List firewallRules = _rulesDao.listIPForwardingForUpdate(ipAddress); - - if (s_logger.isDebugEnabled()) { - s_logger.debug("Found firewall rules: " + firewallRules.size()); - } - - for (final FirewallRuleVO fw: firewallRules) { - fw.setEnabled(false); - } - - DomainRouterVO router = null; - if (ip.isSourceNat()) { - router = _routerMgr.getRouter(ipAddress); - if (router != null) { - if (router.getPublicIpAddress() != null) { - return false; - } - } - } else { - router = _routerMgr.getRouter(ip.getAccountId(), ip.getDataCenterId()); - } - - // Now send the updates down to the domR (note: we still hold locks on address and firewall) - updateFirewallRules(ipAddress, firewallRules, router); - - for (final FirewallRuleVO rule: firewallRules) { - _rulesDao.remove(rule.getId()); - - // Save and create the event - String ruleName = (rule.isForwarding() ? "ip forwarding" : "load balancer"); - String description = "deleted " + ruleName + " rule [" + rule.getPublicIpAddress() + ":" + rule.getPublicPort() - + "]->[" + rule.getPrivateIpAddress() + ":" + rule.getPrivatePort() + "]" + " " - + rule.getProtocol(); - - // save off an event for removing the network rule - EventVO event = new EventVO(); - event.setUserId(userId); - event.setAccountId(ip.getAccountId()); - event.setType(EventTypes.EVENT_NET_RULE_DELETE); - event.setDescription(description); - event.setLevel(EventVO.LEVEL_INFO); - _eventDao.persist(event); - } - - List loadBalancers = _loadBalancerDao.listByIpAddress(ipAddress); - for (LoadBalancerVO loadBalancer : loadBalancers) { - _loadBalancerDao.remove(loadBalancer.getId()); - - // save off an event for removing the load balancer - EventVO event = new EventVO(); - event.setUserId(userId); - event.setAccountId(ip.getAccountId()); - event.setType(EventTypes.EVENT_LOAD_BALANCER_DELETE); - String params = "id="+loadBalancer.getId(); - event.setParameters(params); - event.setDescription("Successfully deleted load balancer " + loadBalancer.getId()); - event.setLevel(EventVO.LEVEL_INFO); - _eventDao.persist(event); - } - - if ((router != null) && (router.getState() == State.Running)) { - if (s_logger.isDebugEnabled()) { - s_logger.debug("Disassociate ip " + router.getHostName()); - } - - if (associateIP(router, ip.getAddress(), false, 0)) { - _ipAddressDao.unassignIpAddress(ipAddress); - } else { - if (s_logger.isDebugEnabled()) { - s_logger.debug("Unable to dissociate IP : " + ipAddress + " due to failing to dissociate with router: " + router.getHostName()); - } - - final EventVO event = new EventVO(); - event.setUserId(userId); - event.setAccountId(ip.getAccountId()); - event.setType(EventTypes.EVENT_NET_IP_RELEASE); - event.setLevel(EventVO.LEVEL_ERROR); - event.setParameters("address=" + ipAddress + "\nsourceNat="+ip.isSourceNat()); - event.setDescription("failed to released a public ip: " + ipAddress + " due to failure to disassociate with router " + router.getHostName()); - _eventDao.persist(event); - - return false; - } - } else { - _ipAddressDao.unassignIpAddress(ipAddress); - } - s_logger.debug("released a public ip: " + ipAddress); - final EventVO event = new EventVO(); - event.setUserId(userId); - event.setAccountId(ip.getAccountId()); - event.setType(EventTypes.EVENT_NET_IP_RELEASE); - event.setParameters("address=" + ipAddress + "\nsourceNat="+ip.isSourceNat()); - event.setDescription("released a public ip: " + ipAddress); - _eventDao.persist(event); - - return true; - } catch (final Throwable e) { - s_logger.warn("ManagementServer error", e); - return false; - } finally { - if(ip != null) { - if(s_logger.isDebugEnabled()) { - s_logger.debug("Releasing lock on ip " + ipAddress); - } - _ipAddressDao.releaseFromLockTable(ipAddress); - } - } + return false; // FIXME +// IPAddressVO ip = null; +// try { +// ip = _ipAddressDao.acquireInLockTable(ipAddress); +// +// if (ip == null) { +// s_logger.warn("Unable to find allocated ip: " + ipAddress); +// return false; +// } +// +// if(s_logger.isDebugEnabled()) { +// s_logger.debug("lock on ip " + ipAddress + " is acquired"); +// } +// +// if (ip.getAllocated() == null) { +// s_logger.warn("ip: " + ipAddress + " is already released"); +// return false; +// } +// +// if (s_logger.isDebugEnabled()) { +// s_logger.debug("Releasing ip " + ipAddress + "; sourceNat = " + ip.isSourceNat()); +// } +// +// +// final List ipAddrs = new ArrayList(); +// ipAddrs.add(ip.getAddress()); +// final List firewallRules = _rulesDao.listIPForwardingForUpdate(ipAddress); +// +// if (s_logger.isDebugEnabled()) { +// s_logger.debug("Found firewall rules: " + firewallRules.size()); +// } +// +// for (final PortForwardingRuleVO fw: firewallRules) { +// fw.setEnabled(false); +// } +// +// DomainRouterVO router = null; +// if (ip.isSourceNat()) { +// router = _routerMgr.getRouter(ipAddress); +// if (router != null) { +// if (router.getPublicIpAddress() != null) { +// return false; +// } +// } +// } else { +// router = _routerMgr.getRouter(ip.getAccountId(), ip.getDataCenterId()); +// } +// +// // Now send the updates down to the domR (note: we still hold locks on address and firewall) +// updateFirewallRules(ipAddress, firewallRules, router); +// +// for (final PortForwardingRuleVO rule: firewallRules) { +// _rulesDao.remove(rule.getId()); +// +// // Save and create the event +// String ruleName = (rule.isForwarding() ? "ip forwarding" : "load balancer"); +// String description = "deleted " + ruleName + " rule [" + rule.getSourceIpAddress() + ":" + rule.getSourcePort() +// + "]->[" + rule.getDestinationIpAddress() + ":" + rule.getDestinationPort() + "]" + " " +// + rule.getProtocol(); +// +// // save off an event for removing the network rule +// EventVO event = new EventVO(); +// event.setUserId(userId); +// event.setAccountId(ip.getAccountId()); +// event.setType(EventTypes.EVENT_NET_RULE_DELETE); +// event.setDescription(description); +// event.setLevel(EventVO.LEVEL_INFO); +// _eventDao.persist(event); +// } +// +// List loadBalancers = _loadBalancerDao.listByIpAddress(ipAddress); +// for (LoadBalancerVO loadBalancer : loadBalancers) { +// _loadBalancerDao.remove(loadBalancer.getId()); +// +// // save off an event for removing the load balancer +// EventVO event = new EventVO(); +// event.setUserId(userId); +// event.setAccountId(ip.getAccountId()); +// event.setType(EventTypes.EVENT_LOAD_BALANCER_DELETE); +// String params = "id="+loadBalancer.getId(); +// event.setParameters(params); +// event.setDescription("Successfully deleted load balancer " + loadBalancer.getId()); +// event.setLevel(EventVO.LEVEL_INFO); +// _eventDao.persist(event); +// } +// +// if ((router != null) && (router.getState() == State.Running)) { +// if (s_logger.isDebugEnabled()) { +// s_logger.debug("Disassociate ip " + router.getHostName()); +// } +// +// if (associateIP(router, ip.getAddress(), false, 0)) { +// _ipAddressDao.unassignIpAddress(ipAddress); +// } else { +// if (s_logger.isDebugEnabled()) { +// s_logger.debug("Unable to dissociate IP : " + ipAddress + " due to failing to dissociate with router: " + router.getHostName()); +// } +// +// final EventVO event = new EventVO(); +// event.setUserId(userId); +// event.setAccountId(ip.getAccountId()); +// event.setType(EventTypes.EVENT_NET_IP_RELEASE); +// event.setLevel(EventVO.LEVEL_ERROR); +// event.setParameters("address=" + ipAddress + "\nsourceNat="+ip.isSourceNat()); +// event.setDescription("failed to released a public ip: " + ipAddress + " due to failure to disassociate with router " + router.getHostName()); +// _eventDao.persist(event); +// +// return false; +// } +// } else { +// _ipAddressDao.unassignIpAddress(ipAddress); +// } +// s_logger.debug("released a public ip: " + ipAddress); +// final EventVO event = new EventVO(); +// event.setUserId(userId); +// event.setAccountId(ip.getAccountId()); +// event.setType(EventTypes.EVENT_NET_IP_RELEASE); +// event.setParameters("address=" + ipAddress + "\nsourceNat="+ip.isSourceNat()); +// event.setDescription("released a public ip: " + ipAddress); +// _eventDao.persist(event); +// +// return true; +// } catch (final Throwable e) { +// s_logger.warn("ManagementServer error", e); +// return false; +// } finally { +// if(ip != null) { +// if(s_logger.isDebugEnabled()) { +// s_logger.debug("Releasing lock on ip " + ipAddress); +// } +// _ipAddressDao.releaseFromLockTable(ipAddress); +// } +// } } @Override @@ -1639,29 +952,6 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag return _routerMgr.getRouters(hostId); } - @Override - public boolean updateLoadBalancerRules(final List fwRules, final DomainRouterVO router, Long hostId) { - - for (FirewallRuleVO rule : fwRules) { - // Determine the the VLAN ID and netmask of the rule's public IP address - IPAddressVO ip = _ipAddressDao.findById(rule.getPublicIpAddress()); - VlanVO vlan = _vlanDao.findById(new Long(ip.getVlanDbId())); - String vlanNetmask = vlan.getVlanNetmask(); - - rule.setVlanNetmask(vlanNetmask); - } - - final LoadBalancerConfigurator cfgrtr = new HAProxyConfigurator(); - final String [] cfg = cfgrtr.generateConfiguration(fwRules); - final String [][] addRemoveRules = cfgrtr.generateFwRules(fwRules); - final LoadBalancerCfgCommand cmd = new LoadBalancerCfgCommand(cfg, addRemoveRules, router.getInstanceName(), router.getPrivateIpAddress()); - final Answer ans = _agentMgr.easySend(hostId, cmd); - if (ans == null) { - return false; - } else { - return ans.getResult(); - } - } private Integer getIntegerConfigValue(String configKey, Integer dflt) { String value = _configs.get(configKey); @@ -2122,320 +1412,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag return _nicDao.listBy(vm.getId()); } - @Override @DB - public boolean removeFromLoadBalancer(RemoveFromLoadBalancerRuleCmd cmd) throws InvalidParameterValueException { - Long userId = UserContext.current().getUserId(); - Account account = UserContext.current().getAccount(); - Long loadBalancerId = cmd.getId(); - Long vmInstanceId = cmd.getVirtualMachineId(); - List instanceIds = cmd.getVirtualMachineIds(); - - if ((vmInstanceId == null) && (instanceIds == null)) { - throw new ServerApiException(BaseCmd.PARAM_ERROR, "No virtual machine id specified."); - } - - // if a single instanceId was given, add it to the list so we can always just process the list if instanceIds - if (instanceIds == null) { - instanceIds = new ArrayList(); - instanceIds.add(vmInstanceId); - } - - if (userId == null) { - userId = Long.valueOf(1); - } - - LoadBalancerVO loadBalancer = _loadBalancerDao.findById(Long.valueOf(loadBalancerId)); - - if (loadBalancer == null) { - throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to find load balancer rule with id " + loadBalancerId); - } else if (account != null) { - if (!isAdmin(account.getType()) && (loadBalancer.getAccountId() != account.getId())) { - throw new ServerApiException(BaseCmd.PARAM_ERROR, "Account " + account.getAccountName() + " does not own load balancer rule " + loadBalancer.getName() + - " (id:" + loadBalancer.getId() + ")"); - } else if (!_domainDao.isChildDomain(account.getDomainId(), loadBalancer.getDomainId())) { - throw new ServerApiException(BaseCmd.PARAM_ERROR, "Invalid load balancer rule id (" + loadBalancer.getId() + ") given, unable to remove virtual machine instances."); - } - } - - Transaction txn = Transaction.currentTxn(); - LoadBalancerVO loadBalancerLock = null; - boolean success = true; - try { - - IPAddressVO ipAddress = _ipAddressDao.findById(loadBalancer.getIpAddress()); - if (ipAddress == null) { - return false; - } - - DomainRouterVO router = _routerMgr.getRouter(ipAddress.getAccountId(), ipAddress.getDataCenterId()); - if (router == null) { - return false; - } - - txn.start(); - for (Long instanceId : instanceIds) { - UserVm userVm = _userVmDao.findById(instanceId); - if (userVm == null) { - s_logger.warn("Unable to find virtual machine with id " + instanceId); - throw new InvalidParameterValueException("Unable to find virtual machine with id " + instanceId); - } - FirewallRuleVO fwRule = _rulesDao.findByGroupAndPrivateIp(loadBalancerId, userVm.getGuestIpAddress(), false); - if (fwRule != null) { - fwRule.setEnabled(false); - _rulesDao.update(fwRule.getId(), fwRule); - } - } - - List allLbRules = new ArrayList(); - IPAddressVO ipAddr = _ipAddressDao.findById(loadBalancer.getIpAddress()); - List ipAddrs = listPublicIpAddressesInVirtualNetwork(loadBalancer.getAccountId(), ipAddr.getDataCenterId(), null); - for (IPAddressVO ipv : ipAddrs) { - List rules = _rulesDao.listIPForwarding(ipv.getAddress(), false); - allLbRules.addAll(rules); - } - - updateFirewallRules(loadBalancer.getIpAddress(), allLbRules, router); - - // firewall rules are updated, lock the load balancer as mappings are updated - loadBalancerLock = _loadBalancerDao.acquireInLockTable(loadBalancerId); - if (loadBalancerLock == null) { - s_logger.warn("removeFromLoadBalancer: failed to lock load balancer " + loadBalancerId + ", deleting mappings anyway..."); - } - - // remove all the loadBalancer->VM mappings - _loadBalancerVMMapDao.remove(loadBalancerId, instanceIds, Boolean.FALSE); - - // Save and create the event - String description; - String type = EventTypes.EVENT_NET_RULE_DELETE; - String level = EventVO.LEVEL_INFO; - - for (FirewallRuleVO updatedRule : allLbRules) { - if (!updatedRule.isEnabled()) { - _rulesDao.remove(updatedRule.getId()); - - description = "deleted load balancer rule [" + updatedRule.getPublicIpAddress() + ":" + updatedRule.getPublicPort() + "]->[" - + updatedRule.getPrivateIpAddress() + ":" + updatedRule.getPrivatePort() + "]" + " " + updatedRule.getProtocol(); - - EventUtils.saveEvent(userId, loadBalancer.getAccountId(), level, type, description); - } - } - txn.commit(); - } catch (Exception ex) { - s_logger.warn("Failed to delete load balancing rule with exception: ", ex); - success = false; - txn.rollback(); - } finally { - if (loadBalancerLock != null) { - _loadBalancerDao.releaseFromLockTable(loadBalancerId); - } - } - return success; - } - - @Override @DB - public boolean deleteLoadBalancerRule(DeleteLoadBalancerRuleCmd cmd) throws InvalidParameterValueException, PermissionDeniedException{ - Long loadBalancerId = cmd.getId(); - Long userId = UserContext.current().getUserId(); - Account account = UserContext.current().getAccount(); - - ///verify input parameters - LoadBalancerVO loadBalancer = _loadBalancerDao.findById(loadBalancerId); - if (loadBalancer == null) { - throw new InvalidParameterValueException ("Unable to find load balancer rule with id " + loadBalancerId); - } - - if (account != null) { - if (!isAdmin(account.getType())) { - if (loadBalancer.getAccountId() != account.getId()) { - throw new PermissionDeniedException("Account " + account.getAccountName() + " does not own load balancer rule " + loadBalancer.getName() + " (id:" + loadBalancerId + "), permission denied"); - } - } else if (!_domainDao.isChildDomain(account.getDomainId(), loadBalancer.getDomainId())) { - throw new PermissionDeniedException("Unable to delete load balancer rule " + loadBalancer.getName() + " (id:" + loadBalancerId + "), permission denied."); - } - } - - if (userId == null) { - userId = Long.valueOf(1); - } - - Transaction txn = Transaction.currentTxn(); - LoadBalancerVO loadBalancerLock = null; - try { - - IPAddressVO ipAddress = _ipAddressDao.findById(loadBalancer.getIpAddress()); - if (ipAddress == null) { - return false; - } - - DomainRouterVO router = _routerMgr.getRouter(ipAddress.getAccountId(), ipAddress.getDataCenterId()); - List fwRules = _firewallRulesDao.listByLoadBalancerId(loadBalancerId); - - txn.start(); - - if ((fwRules != null) && !fwRules.isEmpty()) { - for (FirewallRuleVO fwRule : fwRules) { - fwRule.setEnabled(false); - _firewallRulesDao.update(fwRule.getId(), fwRule); - } - - List allLbRules = new ArrayList(); - List ipAddrs = listPublicIpAddressesInVirtualNetwork(loadBalancer.getAccountId(), ipAddress.getDataCenterId(), null); - for (IPAddressVO ipv : ipAddrs) { - List rules = _firewallRulesDao.listIPForwarding(ipv.getAddress(), false); - allLbRules.addAll(rules); - } - - updateFirewallRules(loadBalancer.getIpAddress(), allLbRules, router); - - // firewall rules are updated, lock the load balancer as the mappings are updated - loadBalancerLock = _loadBalancerDao.acquireInLockTable(loadBalancerId); - if (loadBalancerLock == null) { - s_logger.warn("deleteLoadBalancer: failed to lock load balancer " + loadBalancerId + ", deleting mappings anyway..."); - } - - // remove all loadBalancer->VM mappings - List lbVmMap = _loadBalancerVMMapDao.listByLoadBalancerId(loadBalancerId); - if (lbVmMap != null && !lbVmMap.isEmpty()) { - for (LoadBalancerVMMapVO lb : lbVmMap) { - _loadBalancerVMMapDao.remove(lb.getId()); - } - } - - // Save and create the event - String description; - String type = EventTypes.EVENT_NET_RULE_DELETE; - String ruleName = "load balancer"; - String level = EventVO.LEVEL_INFO; - Account accountOwner = _accountDao.findById(loadBalancer.getAccountId()); - - for (FirewallRuleVO updatedRule : fwRules) { - _firewallRulesDao.remove(updatedRule.getId()); - - description = "deleted " + ruleName + " rule [" + updatedRule.getPublicIpAddress() + ":" + updatedRule.getPublicPort() + "]->[" - + updatedRule.getPrivateIpAddress() + ":" + updatedRule.getPrivatePort() + "]" + " " + updatedRule.getProtocol(); - - EventUtils.saveEvent(userId, accountOwner.getId(), level, type, description); - } - } - - txn.commit(); - } catch (Exception ex) { - txn.rollback(); - s_logger.error("Unexpected exception deleting load balancer " + loadBalancerId, ex); - return false; - } finally { - if (loadBalancerLock != null) { - _loadBalancerDao.releaseFromLockTable(loadBalancerId); - } - } - - boolean success = _loadBalancerDao.remove(loadBalancerId); - - // save off an event for removing the load balancer - EventVO event = new EventVO(); - event.setUserId(userId); - event.setAccountId(loadBalancer.getAccountId()); - event.setType(EventTypes.EVENT_LOAD_BALANCER_DELETE); - if (success) { - event.setLevel(EventVO.LEVEL_INFO); - String params = "id="+loadBalancer.getId(); - event.setParameters(params); - event.setDescription("Successfully deleted load balancer " + loadBalancer.getName() + " (id:" + loadBalancer.getId() + ")"); - } else { - event.setLevel(EventVO.LEVEL_ERROR); - event.setDescription("Failed to delete load balancer " + loadBalancer.getName() + " (id:" + loadBalancer.getId() + ")"); - } - _eventDao.persist(event); - return success; - } - - - @Override @DB - public LoadBalancerVO updateLoadBalancerRule(UpdateLoadBalancerRuleCmd cmd) throws InvalidParameterValueException, PermissionDeniedException{ - Long loadBalancerId = cmd.getId(); - String privatePort = cmd.getPrivatePort(); - String algorithm = cmd.getAlgorithm(); - String name = cmd.getLoadBalancerName(); - String description = cmd.getDescription(); - Account account = UserContext.current().getAccount(); - - //Verify input parameters - LoadBalancerVO loadBalancer = _loadBalancerDao.findById(loadBalancerId); - if (loadBalancer == null) { - throw new InvalidParameterValueException("Unable to find load balancer rule " + loadBalancerId + " for update."); - } - - // make sure the name's not already in use - if (name != null) { - LoadBalancerVO existingLB = _loadBalancerDao.findByAccountAndName(loadBalancer.getAccountId(), name); - if ((existingLB != null) && (existingLB.getId() != loadBalancer.getId())) { - throw new InvalidParameterValueException("Unable to update load balancer " + loadBalancer.getName() + " with new name " + name + ", the name is already in use."); - } - } - - Account lbOwner = _accountDao.findById(loadBalancer.getAccountId()); - if (lbOwner == null) { - throw new InvalidParameterValueException("Unable to update load balancer rule, cannot find owning account"); - } - - Long accountId = lbOwner.getId(); - if (account != null) { - if (!isAdmin(account.getType())) { - if (account.getId() != accountId.longValue()) { - throw new PermissionDeniedException("Unable to update load balancer rule, permission denied"); - } - } else if (!_domainDao.isChildDomain(account.getDomainId(), lbOwner.getDomainId())) { - throw new PermissionDeniedException("Unable to update load balancer rule, permission denied."); - } - } - - String updatedPrivatePort = ((privatePort == null) ? loadBalancer.getPrivatePort() : privatePort); - String updatedAlgorithm = ((algorithm == null) ? loadBalancer.getAlgorithm() : algorithm); - String updatedName = ((name == null) ? loadBalancer.getName() : name); - String updatedDescription = ((description == null) ? loadBalancer.getDescription() : description); - - Transaction txn = Transaction.currentTxn(); - try { - txn.start(); - loadBalancer.setPrivatePort(updatedPrivatePort); - loadBalancer.setAlgorithm(updatedAlgorithm); - loadBalancer.setName(updatedName); - loadBalancer.setDescription(updatedDescription); - _loadBalancerDao.update(loadBalancer.getId(), loadBalancer); - - List fwRules = _firewallRulesDao.listByLoadBalancerId(loadBalancer.getId()); - if ((fwRules != null) && !fwRules.isEmpty()) { - for (FirewallRuleVO fwRule : fwRules) { - fwRule.setPrivatePort(updatedPrivatePort); - fwRule.setAlgorithm(updatedAlgorithm); - _firewallRulesDao.update(fwRule.getId(), fwRule); - } - } - txn.commit(); - } catch (RuntimeException ex) { - s_logger.warn("Unhandled exception trying to update load balancer rule", ex); - txn.rollback(); - throw ex; - } finally { - txn.close(); - } - - // now that the load balancer has been updated, reconfigure the HA Proxy on the router with all the LB rules - List allLbRules = new ArrayList(); - IPAddressVO ipAddress = _ipAddressDao.findById(loadBalancer.getIpAddress()); - List ipAddrs = listPublicIpAddressesInVirtualNetwork(loadBalancer.getAccountId(), ipAddress.getDataCenterId(), null); - for (IPAddressVO ipv : ipAddrs) { - List rules = _firewallRulesDao.listIPForwarding(ipv.getAddress(), false); - allLbRules.addAll(rules); - } - - IPAddressVO ip = _ipAddressDao.findById(loadBalancer.getIpAddress()); - DomainRouterVO router = _routerMgr.getRouter(ip.getAccountId(), ip.getDataCenterId()); - updateFirewallRules(loadBalancer.getIpAddress(), allLbRules, router); - return _loadBalancerDao.findById(loadBalancer.getId()); - } public static boolean isAdmin(short accountType) { return ((accountType == Account.ACCOUNT_TYPE_ADMIN) || @@ -2544,121 +1521,6 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag } } - @Override @DB - public boolean deletePortForwardingRule(Long id, boolean sysContext) { - Long ruleId = id; - Long userId = null; - Account account = null; - if(sysContext){ - userId = User.UID_SYSTEM; - account = _accountDao.findById(User.UID_SYSTEM); - }else{ - userId = UserContext.current().getUserId(); - account = UserContext.current().getAccount(); - } - - - //verify input parameters here - FirewallRuleVO rule = _firewallRulesDao.findById(ruleId); - if (rule == null) { - throw new InvalidParameterValueException("Unable to find port forwarding rule " + ruleId); - } - - String publicIp = rule.getPublicIpAddress(); - String privateIp = rule.getPrivateIpAddress(); - - IPAddressVO ipAddress = _ipAddressDao.findById(publicIp); - if (ipAddress == null) { - throw new InvalidParameterValueException("Unable to find IP address for port forwarding rule " + ruleId); - } - - // although we are not writing these values to the DB, we will check - // them out of an abundance - // of caution (may not be warranted) - String privatePort = rule.getPrivatePort(); - String publicPort = rule.getPublicPort(); - if (!NetUtils.isValidPort(publicPort) || !NetUtils.isValidPort(privatePort)) { - throw new InvalidParameterValueException("Invalid value for port"); - } - - String proto = rule.getProtocol(); - if (!NetUtils.isValidProto(proto)) { - throw new InvalidParameterValueException("Invalid protocol"); - } - - Account ruleOwner = _accountDao.findById(ipAddress.getAccountId()); - if (ruleOwner == null) { - throw new InvalidParameterValueException("Unable to find owning account for port forwarding rule " + ruleId); - } - - // if an admin account was passed in, or no account was passed in, make sure we honor the accountName/domainId parameters - if (account != null) { - if (isAdmin(account.getType())) { - if (!_domainDao.isChildDomain(account.getDomainId(), ruleOwner.getDomainId())) { - throw new PermissionDeniedException("Unable to delete port forwarding rule " + ruleId + ", permission denied."); - } - } else if (account.getId() != ruleOwner.getId()) { - throw new PermissionDeniedException("Unable to delete port forwarding rule " + ruleId + ", permission denied."); - } - } - - Transaction txn = Transaction.currentTxn(); - boolean locked = false; - boolean success = false; - try { - - IPAddressVO ipVO = _ipAddressDao.acquireInLockTable(publicIp); - if (ipVO == null) { - // throw this exception because hackers can use the api to probe for allocated ips - throw new PermissionDeniedException("User does not own supplied address"); - } - - locked = true; - txn.start(); - List fwdings = _firewallRulesDao.listIPForwardingForUpdate(publicIp, publicPort, proto); - FirewallRuleVO fwRule = null; - if (fwdings.size() == 0) { - throw new InvalidParameterValueException("No such rule"); - } else if (fwdings.size() == 1) { - fwRule = fwdings.get(0); - if (fwRule.getPrivateIpAddress().equalsIgnoreCase(privateIp) && fwRule.getPrivatePort().equals(privatePort)) { - _firewallRulesDao.expunge(fwRule.getId()); - } else { - throw new InvalidParameterValueException("No such rule"); - } - } else { - throw new CloudRuntimeException("Multiple matches. Please contact support"); - } - fwRule.setEnabled(false); - success = updateFirewallRule(fwRule, null, null); - - String description; - String type = EventTypes.EVENT_NET_RULE_DELETE; - String level = EventVO.LEVEL_INFO; - String ruleName = rule.isForwarding() ? "ip forwarding" : "load balancer"; - - if (success) { - description = "deleted " + ruleName + " rule [" + publicIp + ":" + rule.getPublicPort() + "]->[" + rule.getPrivateIpAddress() + ":" - + rule.getPrivatePort() + "] " + rule.getProtocol(); - } else { - level = EventVO.LEVEL_ERROR; - description = "Error while deleting " + ruleName + " rule [" + publicIp + ":" + rule.getPublicPort() + "]->[" + rule.getPrivateIpAddress() + ":" - + rule.getPrivatePort() + "] " + rule.getProtocol(); - } - EventUtils.saveEvent(userId, ipAddress.getAccountId(), level, type, description); - txn.commit(); - }catch (Exception ex) { - txn.rollback(); - s_logger.error("Unexpected exception deleting port forwarding rule " + ruleId, ex); - return false; - }finally { - if (locked) { - _ipAddressDao.releaseFromLockTable(publicIp); - } - txn.close(); - } - return success; - } @Override public List getAccountsUsingNetworkConfiguration(long configurationId) { @@ -2698,124 +1560,125 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag @DB public RemoteAccessVpnVO createRemoteAccessVpn(CreateRemoteAccessVpnCmd cmd) throws InvalidParameterValueException, PermissionDeniedException, ConcurrentOperationException { - String publicIp = cmd.getPublicIp(); - IPAddressVO ipAddr = null; - Account account = getAccountForApiCommand(cmd.getAccountName(), cmd.getDomainId()); - if (publicIp == null) { - List accountAddrs = _ipAddressDao.listByAccount(account.getId()); - for (IPAddressVO addr: accountAddrs){ - if (addr.getSourceNat() && addr.getDataCenterId() == cmd.getZoneId()){ - ipAddr = addr; - publicIp = ipAddr.getAddress(); - break; - } - } - if (ipAddr == null) { - throw new InvalidParameterValueException("Account " + account.getAccountName() + " does not have any public ip addresses in zone " + cmd.getZoneId()); - } - } - - // make sure ip address exists - ipAddr = _ipAddressDao.findById(publicIp); - if (ipAddr == null) { - throw new InvalidParameterValueException("Unable to create remote access vpn, invalid public IP address " + publicIp); - } - - VlanVO vlan = _vlanDao.findById(ipAddr.getVlanDbId()); - if (vlan != null) { - if (!VlanType.VirtualNetwork.equals(vlan.getVlanType())) { - throw new InvalidParameterValueException("Unable to create VPN for IP address " + publicIp + ", only VirtualNetwork type IP addresses can be used for VPN."); - } - } - assert vlan != null:"Inconsistent DB state -- ip address does not belong to any vlan?"; - - if ((ipAddr.getAccountId() == null) || (ipAddr.getAllocated() == null)) { - throw new PermissionDeniedException("Unable to create VPN, permission denied for ip " + publicIp); - } - - if (account != null) { - if ((account.getType() == Account.ACCOUNT_TYPE_ADMIN) || (account.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN)) { - if (!_domainDao.isChildDomain(account.getDomainId(), ipAddr.getDomainId())) { - throw new PermissionDeniedException("Unable to create VPN with public IP address " + publicIp + ", permission denied."); - } - } else if (account.getId() != ipAddr.getAccountId().longValue()) { - throw new PermissionDeniedException("Unable to create VPN for account " + account.getAccountName() + " doesn't own ip address " + publicIp); - } - } - - RemoteAccessVpnVO vpnVO = _remoteAccessVpnDao.findByPublicIpAddress(publicIp); - if (vpnVO != null) { - throw new InvalidParameterValueException("A Remote Access VPN already exists for this public Ip address"); - } - //TODO: assumes one virtual network / domr per account per zone - vpnVO = _remoteAccessVpnDao.findByAccountAndZone(account.getId(), cmd.getZoneId()); - if (vpnVO != null) { - throw new InvalidParameterValueException("A Remote Access VPN already exists for this account"); - } - String ipRange = cmd.getIpRange(); - if (ipRange == null) { - ipRange = _configs.get(Config.RemoteAccessVpnClientIpRange.key()); - } - String [] range = ipRange.split("-"); - if (range.length != 2) { - throw new InvalidParameterValueException("Invalid ip range"); - } - if (!NetUtils.isValidIp(range[0]) || !NetUtils.isValidIp(range[1])){ - throw new InvalidParameterValueException("Invalid ip in range specification " + ipRange); - } - if (!NetUtils.validIpRange(range[0], range[1])){ - throw new InvalidParameterValueException("Invalid ip range " + ipRange); - } - String [] guestIpRange = getGuestIpRange(); - if (NetUtils.ipRangesOverlap(range[0], range[1], guestIpRange[0], guestIpRange[1])) { - throw new InvalidParameterValueException("Invalid ip range: " + ipRange + " overlaps with guest ip range " + guestIpRange[0] + "-" + guestIpRange[1]); - } - //TODO: check sufficient range - //TODO: check overlap with private and public ip ranges in datacenter - - long startIp = NetUtils.ip2Long(range[0]); - String newIpRange = NetUtils.long2Ip(++startIp) + "-" + range[1]; - String sharedSecret = PasswordGenerator.generatePresharedKey(getIntegerConfigValue(Config.RemoteAccessVpnPskLength.key(), 24)); - Transaction txn = Transaction.currentTxn(); - txn.start(); - boolean locked = false; - try { - ipAddr = _ipAddressDao.acquireInLockTable(publicIp); - if (ipAddr == null) { - throw new ConcurrentOperationException("Another operation active, unable to create vpn"); - } - locked = true; - //check overlap with port forwarding rules on this ip (udp ports 500, 4500) - List existing = _rulesDao.listIPForwardingByPortAndProto(publicIp, NetUtils.VPN_PORT, NetUtils.UDP_PROTO); - if (!existing.isEmpty()) { - throw new InvalidParameterValueException("UDP Port " + NetUtils.VPN_PORT + " is configured for destination NAT"); - } - existing = _rulesDao.listIPForwardingByPortAndProto(publicIp, NetUtils.VPN_NATT_PORT, NetUtils.UDP_PROTO); - if (!existing.isEmpty()) { - throw new InvalidParameterValueException("UDP Port " + NetUtils.VPN_NATT_PORT + " is configured for destination NAT"); - } - existing = _rulesDao.listIPForwardingByPortAndProto(publicIp, NetUtils.VPN_L2TP_PORT, NetUtils.UDP_PROTO); - if (!existing.isEmpty()) { - throw new InvalidParameterValueException("UDP Port " + NetUtils.VPN_L2TP_PORT + " is configured for destination NAT"); - } - if (_rulesDao.isPublicIpOneToOneNATted(publicIp)) { - throw new InvalidParameterValueException("Public Ip " + publicIp + " is configured for destination NAT"); - } - vpnVO = new RemoteAccessVpnVO(account.getId(), cmd.getZoneId(), publicIp, range[0], newIpRange, sharedSecret); - vpnVO = _remoteAccessVpnDao.persist(vpnVO); - FirewallRuleVO rule = new FirewallRuleVO(null, publicIp, NetUtils.VPN_PORT, guestIpRange[0], NetUtils.VPN_PORT, true, NetUtils.UDP_PROTO, false, null); - _rulesDao.persist(rule); - rule = new FirewallRuleVO(null, publicIp, NetUtils.VPN_NATT_PORT, guestIpRange[0], NetUtils.VPN_NATT_PORT, true, NetUtils.UDP_PROTO, false, null); - _rulesDao.persist(rule); - rule = new FirewallRuleVO(null, publicIp, NetUtils.VPN_L2TP_PORT, guestIpRange[0], NetUtils.VPN_L2TP_PORT, true, NetUtils.UDP_PROTO, false, null); - _rulesDao.persist(rule); - txn.commit(); - return vpnVO; - } finally { - if (locked) { - _ipAddressDao.releaseFromLockTable(publicIp); - } - } + return null; +// String publicIp = cmd.getPublicIp(); +// IPAddressVO ipAddr = null; +// Account account = getAccountForApiCommand(cmd.getAccountName(), cmd.getDomainId()); +// if (publicIp == null) { +// List accountAddrs = _ipAddressDao.listByAccount(account.getId()); +// for (IPAddressVO addr: accountAddrs){ +// if (addr.getSourceNat() && addr.getDataCenterId() == cmd.getZoneId()){ +// ipAddr = addr; +// publicIp = ipAddr.getAddress(); +// break; +// } +// } +// if (ipAddr == null) { +// throw new InvalidParameterValueException("Account " + account.getAccountName() + " does not have any public ip addresses in zone " + cmd.getZoneId()); +// } +// } +// +// // make sure ip address exists +// ipAddr = _ipAddressDao.findById(publicIp); +// if (ipAddr == null) { +// throw new InvalidParameterValueException("Unable to create remote access vpn, invalid public IP address " + publicIp); +// } +// +// VlanVO vlan = _vlanDao.findById(ipAddr.getVlanDbId()); +// if (vlan != null) { +// if (!VlanType.VirtualNetwork.equals(vlan.getVlanType())) { +// throw new InvalidParameterValueException("Unable to create VPN for IP address " + publicIp + ", only VirtualNetwork type IP addresses can be used for VPN."); +// } +// } +// assert vlan != null:"Inconsistent DB state -- ip address does not belong to any vlan?"; +// +// if ((ipAddr.getAccountId() == null) || (ipAddr.getAllocated() == null)) { +// throw new PermissionDeniedException("Unable to create VPN, permission denied for ip " + publicIp); +// } +// +// if (account != null) { +// if ((account.getType() == Account.ACCOUNT_TYPE_ADMIN) || (account.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN)) { +// if (!_domainDao.isChildDomain(account.getDomainId(), ipAddr.getDomainId())) { +// throw new PermissionDeniedException("Unable to create VPN with public IP address " + publicIp + ", permission denied."); +// } +// } else if (account.getId() != ipAddr.getAccountId().longValue()) { +// throw new PermissionDeniedException("Unable to create VPN for account " + account.getAccountName() + " doesn't own ip address " + publicIp); +// } +// } +// +// RemoteAccessVpnVO vpnVO = _remoteAccessVpnDao.findByPublicIpAddress(publicIp); +// if (vpnVO != null) { +// throw new InvalidParameterValueException("A Remote Access VPN already exists for this public Ip address"); +// } +// //TODO: assumes one virtual network / domr per account per zone +// vpnVO = _remoteAccessVpnDao.findByAccountAndZone(account.getId(), cmd.getZoneId()); +// if (vpnVO != null) { +// throw new InvalidParameterValueException("A Remote Access VPN already exists for this account"); +// } +// String ipRange = cmd.getIpRange(); +// if (ipRange == null) { +// ipRange = _configs.get(Config.RemoteAccessVpnClientIpRange.key()); +// } +// String [] range = ipRange.split("-"); +// if (range.length != 2) { +// throw new InvalidParameterValueException("Invalid ip range"); +// } +// if (!NetUtils.isValidIp(range[0]) || !NetUtils.isValidIp(range[1])){ +// throw new InvalidParameterValueException("Invalid ip in range specification " + ipRange); +// } +// if (!NetUtils.validIpRange(range[0], range[1])){ +// throw new InvalidParameterValueException("Invalid ip range " + ipRange); +// } +// String [] guestIpRange = getGuestIpRange(); +// if (NetUtils.ipRangesOverlap(range[0], range[1], guestIpRange[0], guestIpRange[1])) { +// throw new InvalidParameterValueException("Invalid ip range: " + ipRange + " overlaps with guest ip range " + guestIpRange[0] + "-" + guestIpRange[1]); +// } +// //TODO: check sufficient range +// //TODO: check overlap with private and public ip ranges in datacenter +// +// long startIp = NetUtils.ip2Long(range[0]); +// String newIpRange = NetUtils.long2Ip(++startIp) + "-" + range[1]; +// String sharedSecret = PasswordGenerator.generatePresharedKey(getIntegerConfigValue(Config.RemoteAccessVpnPskLength.key(), 24)); +// Transaction txn = Transaction.currentTxn(); +// txn.start(); +// boolean locked = false; +// try { +// ipAddr = _ipAddressDao.acquireInLockTable(publicIp); +// if (ipAddr == null) { +// throw new ConcurrentOperationException("Another operation active, unable to create vpn"); +// } +// locked = true; +// //check overlap with port forwarding rules on this ip (udp ports 500, 4500) +// List existing = _rulesDao.listIPForwardingByPortAndProto(publicIp, NetUtils.VPN_PORT, NetUtils.UDP_PROTO); +// if (!existing.isEmpty()) { +// throw new InvalidParameterValueException("UDP Port " + NetUtils.VPN_PORT + " is configured for destination NAT"); +// } +// existing = _rulesDao.listIPForwardingByPortAndProto(publicIp, NetUtils.VPN_NATT_PORT, NetUtils.UDP_PROTO); +// if (!existing.isEmpty()) { +// throw new InvalidParameterValueException("UDP Port " + NetUtils.VPN_NATT_PORT + " is configured for destination NAT"); +// } +// existing = _rulesDao.listIPForwardingByPortAndProto(publicIp, NetUtils.VPN_L2TP_PORT, NetUtils.UDP_PROTO); +// if (!existing.isEmpty()) { +// throw new InvalidParameterValueException("UDP Port " + NetUtils.VPN_L2TP_PORT + " is configured for destination NAT"); +// } +// if (_rulesDao.isPublicIpOneToOneNATted(publicIp)) { +// throw new InvalidParameterValueException("Public Ip " + publicIp + " is configured for destination NAT"); +// } +// vpnVO = new RemoteAccessVpnVO(account.getId(), cmd.getZoneId(), publicIp, range[0], newIpRange, sharedSecret); +// vpnVO = _remoteAccessVpnDao.persist(vpnVO); +// PortForwardingRuleVO rule = new PortForwardingRuleVO(null, publicIp, NetUtils.VPN_PORT, guestIpRange[0], NetUtils.VPN_PORT, true, NetUtils.UDP_PROTO, false, null); +// _rulesDao.persist(rule); +// rule = new PortForwardingRuleVO(null, publicIp, NetUtils.VPN_NATT_PORT, guestIpRange[0], NetUtils.VPN_NATT_PORT, true, NetUtils.UDP_PROTO, false, null); +// _rulesDao.persist(rule); +// rule = new PortForwardingRuleVO(null, publicIp, NetUtils.VPN_L2TP_PORT, guestIpRange[0], NetUtils.VPN_L2TP_PORT, true, NetUtils.UDP_PROTO, false, null); +// _rulesDao.persist(rule); +// txn.commit(); +// return vpnVO; +// } finally { +// if (locked) { +// _ipAddressDao.releaseFromLockTable(publicIp); +// } +// } } @Override @@ -2859,44 +1722,45 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag @Override @DB public boolean destroyRemoteAccessVpn(DeleteRemoteAccessVpnCmd cmd) throws ConcurrentOperationException { - Long userId = UserContext.current().getUserId(); - Account account = getAccountForApiCommand(cmd.getAccountName(), cmd.getDomainId()); - //TODO: assumes one virtual network / domr per account per zone - RemoteAccessVpnVO vpnVO = _remoteAccessVpnDao.findByAccountAndZone(account.getId(), cmd.getZoneId()); - if (vpnVO == null) { - throw new InvalidParameterValueException("No VPN found for account " + account.getAccountName() + " in zone " + cmd.getZoneId()); - } - EventUtils.saveStartedEvent(userId, account.getId(), EventTypes.EVENT_REMOTE_ACCESS_VPN_DESTROY, "Deleting Remote Access VPN for account: " + account.getAccountName() + " in zone " + cmd.getZoneId(), cmd.getStartEventId()); - String publicIp = vpnVO.getVpnServerAddress(); - Long vpnId = vpnVO.getId(); - Transaction txn = Transaction.currentTxn(); - txn.start(); - boolean locked = false; - boolean deleted = false; - try { - IPAddressVO ipAddr = _ipAddressDao.acquireInLockTable(publicIp); - if (ipAddr == null) { - throw new ConcurrentOperationException("Another operation active, unable to create vpn"); - } - locked = true; - - deleted = _routerMgr.deleteRemoteAccessVpn(vpnVO); - return deleted; - } finally { - if (deleted) { - _remoteAccessVpnDao.remove(vpnId); - _rulesDao.deleteIPForwardingByPublicIpAndPort(publicIp, NetUtils.VPN_PORT); - _rulesDao.deleteIPForwardingByPublicIpAndPort(publicIp, NetUtils.VPN_NATT_PORT); - _rulesDao.deleteIPForwardingByPublicIpAndPort(publicIp, NetUtils.VPN_L2TP_PORT); - EventUtils.saveEvent(userId, account.getId(), EventTypes.EVENT_REMOTE_ACCESS_VPN_DESTROY, "Deleted Remote Access VPN for account: " + account.getAccountName() + " in zone " + cmd.getZoneId()); - } else { - EventUtils.saveEvent(userId, account.getId(), EventVO.LEVEL_ERROR, EventTypes.EVENT_REMOTE_ACCESS_VPN_DESTROY, "Unable to delete Remote Access VPN ", account.getAccountName() + " in zone " + cmd.getZoneId()); - } - txn.commit(); - if (locked) { - _ipAddressDao.releaseFromLockTable(publicIp); - } - } +// Long userId = UserContext.current().getUserId(); +// Account account = getAccountForApiCommand(cmd.getAccountName(), cmd.getDomainId()); +// //TODO: assumes one virtual network / domr per account per zone +// RemoteAccessVpnVO vpnVO = _remoteAccessVpnDao.findByAccountAndZone(account.getId(), cmd.getZoneId()); +// if (vpnVO == null) { +// throw new InvalidParameterValueException("No VPN found for account " + account.getAccountName() + " in zone " + cmd.getZoneId()); +// } +// EventUtils.saveStartedEvent(userId, account.getId(), EventTypes.EVENT_REMOTE_ACCESS_VPN_DESTROY, "Deleting Remote Access VPN for account: " + account.getAccountName() + " in zone " + cmd.getZoneId(), cmd.getStartEventId()); +// String publicIp = vpnVO.getVpnServerAddress(); +// Long vpnId = vpnVO.getId(); +// Transaction txn = Transaction.currentTxn(); +// txn.start(); +// boolean locked = false; +// boolean deleted = false; +// try { +// IPAddressVO ipAddr = _ipAddressDao.acquireInLockTable(publicIp); +// if (ipAddr == null) { +// throw new ConcurrentOperationException("Another operation active, unable to create vpn"); +// } +// locked = true; +// +// deleted = _routerMgr.deleteRemoteAccessVpn(vpnVO); +// return deleted; +// } finally { +// if (deleted) { +// _remoteAccessVpnDao.remove(vpnId); +// _rulesDao.deleteIPForwardingByPublicIpAndPort(publicIp, NetUtils.VPN_PORT); +// _rulesDao.deleteIPForwardingByPublicIpAndPort(publicIp, NetUtils.VPN_NATT_PORT); +// _rulesDao.deleteIPForwardingByPublicIpAndPort(publicIp, NetUtils.VPN_L2TP_PORT); +// EventUtils.saveEvent(userId, account.getId(), EventTypes.EVENT_REMOTE_ACCESS_VPN_DESTROY, "Deleted Remote Access VPN for account: " + account.getAccountName() + " in zone " + cmd.getZoneId()); +// } else { +// EventUtils.saveEvent(userId, account.getId(), EventVO.LEVEL_ERROR, EventTypes.EVENT_REMOTE_ACCESS_VPN_DESTROY, "Unable to delete Remote Access VPN ", account.getAccountName() + " in zone " + cmd.getZoneId()); +// } +// txn.commit(); +// if (locked) { +// _ipAddressDao.releaseFromLockTable(publicIp); +// } +// } + return false; // FIXME } @Override @@ -3024,286 +1888,10 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag } @Override @DB - public Network getNetworkConfiguration(long id) { + public Network getNetwork(long id) { return _networkConfigDao.findById(id); } - @Override @DB - public FirewallRule createIpForwardingRuleOnDomr(long ruleId) { - Transaction txn = Transaction.currentTxn(); - txn.start(); - boolean success = false; - FirewallRuleVO rule = null; - IPAddressVO ipAddress = null; - boolean locked = false; - try { - //get the rule - rule = _rulesDao.findById(ruleId); - - if(rule == null){ - throw new PermissionDeniedException("Cannot create ip forwarding rule in db"); - } - - //get ip address - ipAddress = _ipAddressDao.findById(rule.getPublicIpAddress()); - if (ipAddress == null) { - throw new InvalidParameterValueException("Unable to create ip forwarding rule on address " + ipAddress + ", invalid IP address specified."); - } - - //sync point - ipAddress = _ipAddressDao.acquireInLockTable(ipAddress.getAddress()); - - if(ipAddress == null){ - s_logger.warn("Unable to acquire lock on ipAddress for creating static NAT rule"); - return rule; - }else{ - locked = true; - } - - //get the domain router object - DomainRouterVO router = _routerMgr.getRouter(ipAddress.getAccountId(), ipAddress.getDataCenterId()); - success = createOrDeleteIpForwardingRuleOnDomr(rule,router,rule.getPrivateIpAddress(),true); //true +> create - - if(!success){ - //corner case; delete record from db as domR rule creation failed - _rulesDao.remove(ruleId); - throw new PermissionDeniedException("Cannot create ip forwarding rule on domr, hence deleting created record in db"); - } - - //update the user_ip_address record - ipAddress.setOneToOneNat(true); - _ipAddressDao.update(ipAddress.getAddress(),ipAddress); - - // Save and create the event - String description; - String ruleName = "ip forwarding"; - String level = EventVO.LEVEL_INFO; - - description = "created new " + ruleName + " rule [" + rule.getPublicIpAddress() + "]->[" - + rule.getPrivateIpAddress() + "]" + ":" + rule.getProtocol(); - - EventUtils.saveEvent(UserContext.current().getUserId(), ipAddress.getAccountId(), level, EventTypes.EVENT_NET_RULE_ADD, description); - txn.commit(); - } catch (Exception e) { - txn.rollback(); - throw new ServerApiException(BaseCmd.INTERNAL_ERROR, e.getMessage()); - }finally{ - if(locked){ - _ipAddressDao.releaseFromLockTable(ipAddress.getAddress()); - } - } - return rule; - } - - @Override @DB - public FirewallRule createIpForwardingRuleInDb(String ipAddr, long virtualMachineId) { - - Transaction txn = Transaction.currentTxn(); - txn.start(); - UserVmVO userVM = null; - FirewallRuleVO newFwRule = null; - boolean locked = false; - try { - // validate IP Address exists - IPAddressVO ipAddress = _ipAddressDao.findById(ipAddr); - if (ipAddress == null) { - throw new InvalidParameterValueException("Unable to create ip forwarding rule on address " + ipAddress + ", invalid IP address specified."); - } - - // validate user VM exists - userVM = _vmDao.findById(virtualMachineId); - if (userVM == null) { - throw new InvalidParameterValueException("Unable to create ip forwarding rule on address " + ipAddress + ", invalid virtual machine id specified (" + virtualMachineId + ")."); - } - - //sync point; cannot lock on rule ; hence sync on vm - userVM = _vmDao.acquireInLockTable(userVM.getId()); - - if(userVM == null){ - s_logger.warn("Unable to acquire lock on user vm for creating static NAT rule"); - return newFwRule; - }else{ - locked = true; - } - - // validate that IP address and userVM belong to the same account - if ((ipAddress.getAccountId() == null) || (ipAddress.getAccountId().longValue() != userVM.getAccountId())) { - throw new InvalidParameterValueException("Unable to create ip forwarding rule, IP address " + ipAddress + " owner is not the same as owner of virtual machine " + userVM.toString()); - } - - // validate that userVM is in the same availability zone as the IP address - if (ipAddress.getDataCenterId() != userVM.getDataCenterId()) { - throw new InvalidParameterValueException("Unable to create ip forwarding rule, IP address " + ipAddress + " is not in the same availability zone as virtual machine " + userVM.toString()); - } - - // if an admin account was passed in, or no account was passed in, make sure we honor the accountName/domainId parameters - Account account = UserContext.current().getAccount(); - if (account != null) { - if ((account.getType() == Account.ACCOUNT_TYPE_ADMIN) || (account.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN)) { - if (!_domainDao.isChildDomain(account.getDomainId(), userVM.getDomainId())) { - throw new PermissionDeniedException("Unable to create ip forwarding rule, IP address " + ipAddress + " to virtual machine " + virtualMachineId + ", permission denied."); - } - } else if (account.getId() != userVM.getAccountId()) { - throw new PermissionDeniedException("Unable to create ip forwarding rule, IP address " + ipAddress + " to virtual machine " + virtualMachineId + ", permission denied."); - } - } - - // check for ip address/port conflicts by checking existing port/ip forwarding rules - List existingFirewallRules = _rulesDao.findRuleByPublicIp(ipAddr); - - if(existingFirewallRules.size() > 0){ - throw new NetworkRuleConflictException("There already exists a firewall rule for public ip:"+ipAddr); - } - - //check for ip address/port conflicts by checking existing load balancing rules - List existingLoadBalancerRules = _loadBalancerDao.listByIpAddress(ipAddr); - - if(existingLoadBalancerRules.size() > 0){ - throw new NetworkRuleConflictException("There already exists a load balancer rule for public ip:"+ipAddr); - } - - //if given ip address is already source nat, return error - if(ipAddress.isSourceNat()){ - throw new PermissionDeniedException("Cannot create a static nat rule for the ip:"+ipAddress.getAddress()+" ,this is already a source nat ip address"); - } - - //if given ip address is already static nat, return error - if(ipAddress.isOneToOneNat()){ - throw new PermissionDeniedException("Cannot create a static nat rule for the ip:"+ipAddress.getAddress()+" ,this is already a static nat ip address"); - } - - newFwRule = new FirewallRuleVO(); - newFwRule.setEnabled(true); - newFwRule.setForwarding(true); - newFwRule.setPrivatePort(null); - newFwRule.setProtocol(NetUtils.NAT_PROTO);//protocol cannot be null; adding this as a NAT - newFwRule.setPublicPort(null); - newFwRule.setPublicIpAddress(ipAddress.getAddress()); - newFwRule.setPrivateIpAddress(userVM.getGuestIpAddress()); - newFwRule.setGroupId(null); - - _rulesDao.persist(newFwRule); - txn.commit(); - } catch (Exception e) { - s_logger.warn("Unable to create new firewall rule for static NAT"); - txn.rollback(); - throw new ServerApiException(BaseCmd.INTERNAL_ERROR,"Unable to create new firewall rule for static NAT:"+e.getMessage()); - }finally{ - if(locked) { - _vmDao.releaseFromLockTable(userVM.getId()); - } - } - - return newFwRule; - } - - @Override @DB - public boolean deleteIpForwardingRule(Long id) { - Long ruleId = id; - Long userId = UserContext.current().getUserId(); - Account account = UserContext.current().getAccount(); - - //verify input parameters here - FirewallRuleVO rule = _firewallRulesDao.findById(ruleId); - if (rule == null) { - throw new InvalidParameterValueException("Unable to find port forwarding rule " + ruleId); - } - - String publicIp = rule.getPublicIpAddress(); - - - IPAddressVO ipAddress = _ipAddressDao.findById(publicIp); - if (ipAddress == null) { - throw new InvalidParameterValueException("Unable to find IP address for ip forwarding rule " + ruleId); - } - - // although we are not writing these values to the DB, we will check - // them out of an abundance - // of caution (may not be warranted) - - Account ruleOwner = _accountDao.findById(ipAddress.getAccountId()); - if (ruleOwner == null) { - throw new InvalidParameterValueException("Unable to find owning account for ip forwarding rule " + ruleId); - } - - // if an admin account was passed in, or no account was passed in, make sure we honor the accountName/domainId parameters - if (account != null) { - if (isAdmin(account.getType())) { - if (!_domainDao.isChildDomain(account.getDomainId(), ruleOwner.getDomainId())) { - throw new PermissionDeniedException("Unable to delete ip forwarding rule " + ruleId + ", permission denied."); - } - } else if (account.getId() != ruleOwner.getId()) { - throw new PermissionDeniedException("Unable to delete ip forwarding rule " + ruleId + ", permission denied."); - } - } - - Transaction txn = Transaction.currentTxn(); - boolean locked = false; - boolean success = false; - try { - - ipAddress = _ipAddressDao.acquireInLockTable(publicIp); - if (ipAddress == null) { - throw new PermissionDeniedException("Unable to obtain lock on record for deletion"); - } - - locked = true; - txn.start(); - - final DomainRouterVO router = _routerMgr.getRouter(ipAddress.getAccountId(), ipAddress.getDataCenterId()); - success = createOrDeleteIpForwardingRuleOnDomr(rule, router, rule.getPrivateIpAddress(), false); - _firewallRulesDao.remove(ruleId); - - //update the ip_address record - ipAddress.setOneToOneNat(false); - _ipAddressDao.persist(ipAddress); - - String description; - String type = EventTypes.EVENT_NET_RULE_DELETE; - String level = EventVO.LEVEL_INFO; - String ruleName = rule.isForwarding() ? "ip forwarding" : "load balancer"; - - if (success) { - description = "deleted " + ruleName + " rule [" + publicIp +"]->[" + rule.getPrivateIpAddress() + "] " + rule.getProtocol(); - } else { - level = EventVO.LEVEL_ERROR; - description = "Error while deleting " + ruleName + " rule [" + publicIp + "]->[" + rule.getPrivateIpAddress() +"] " + rule.getProtocol(); - } - EventUtils.saveEvent(userId, ipAddress.getAccountId(), level, type, description); - txn.commit(); - }catch (Exception ex) { - txn.rollback(); - s_logger.error("Unexpected exception deleting port forwarding rule " + ruleId, ex); - return false; - }finally { - if (locked) { - _ipAddressDao.releaseFromLockTable(publicIp); - } - txn.close(); - } - return success; - } - - private boolean createOrDeleteIpForwardingRuleOnDomr(FirewallRuleVO fwRule, DomainRouterVO router, String guestIp, boolean create){ - - Commands cmds = new Commands(OnError.Continue); - final SetFirewallRuleCommand cmd = new SetFirewallRuleCommand(router.getInstanceName(), router.getPrivateIpAddress(),fwRule, create); - cmds.addCommand(cmd); - try { - _agentMgr.send(router.getHostId(), cmds); - } catch (final AgentUnavailableException e) { - s_logger.warn("agent unavailable", e); - } catch (final OperationTimedoutException e) { - s_logger.warn("Timed Out", e); - } - Answer[] answers = cmds.getAnswers(); - if (answers == null || answers[0].getResult() == false ){ - return false; - }else{ - return true; - } - } - @Override @DB public Network createNetwork(CreateNetworkCmd cmd) throws InvalidParameterValueException, PermissionDeniedException{ Account ctxAccount = UserContext.current().getAccount(); @@ -3533,4 +2121,10 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag } } + + @Override + public boolean applyRules(Ip ip, List rules, boolean continueOnError) throws ResourceUnavailableException { + // TODO Auto-generated method stub + return false; + } } diff --git a/server/src/com/cloud/network/configuration/GuestNetworkGuru.java b/server/src/com/cloud/network/configuration/GuestNetworkGuru.java index e134aca6033..bed759bc580 100644 --- a/server/src/com/cloud/network/configuration/GuestNetworkGuru.java +++ b/server/src/com/cloud/network/configuration/GuestNetworkGuru.java @@ -32,13 +32,13 @@ import com.cloud.deploy.DeploymentPlan; import com.cloud.exception.InsufficientAddressCapacityException; import com.cloud.exception.InsufficientVirtualNetworkCapcityException; import com.cloud.exception.InvalidParameterValueException; +import com.cloud.network.Network; +import com.cloud.network.Network.State; +import com.cloud.network.NetworkManager; +import com.cloud.network.NetworkVO; import com.cloud.network.Networks.BroadcastDomainType; import com.cloud.network.Networks.Mode; import com.cloud.network.Networks.TrafficType; -import com.cloud.network.Network; -import com.cloud.network.Network.State; -import com.cloud.network.NetworkVO; -import com.cloud.network.NetworkManager; import com.cloud.offering.NetworkOffering; import com.cloud.offering.NetworkOffering.GuestIpType; import com.cloud.resource.Resource.ReservationStrategy; @@ -229,7 +229,6 @@ public class GuestNetworkGuru extends AdapterBase implements NetworkGuru { @Override public boolean trash(Network config, NetworkOffering offering, Account owner) { - // TODO Auto-generated method stub return true; } } diff --git a/server/src/com/cloud/network/dao/FirewallRulesDao.java b/server/src/com/cloud/network/dao/FirewallRulesDao.java index 62cb4bde12e..c7941f7c45e 100644 --- a/server/src/com/cloud/network/dao/FirewallRulesDao.java +++ b/server/src/com/cloud/network/dao/FirewallRulesDao.java @@ -18,40 +18,47 @@ package com.cloud.network.dao; -import java.util.List; - -import com.cloud.network.FirewallRuleVO; +import java.util.List; + +import com.cloud.network.rules.FirewallRuleVO; import com.cloud.utils.db.GenericDao; +import com.cloud.utils.net.Ip; /* * Data Access Object for user_ip_address and ip_forwarding tables */ -public interface FirewallRulesDao extends GenericDao { - public List listIPForwarding(String publicIPAddress, boolean forwarding); - public List listIPForwarding(String publicIPAddress, String port, boolean forwarding); - - public List listIPForwarding(long userId); - public List listIPForwarding(long userId, long dcId); - public void deleteIPForwardingByPublicIpAddress(String ipAddress); - public List listIPForwarding(String publicIPAddress); - public List listIPForwardingForUpdate(String publicIPAddress); - public void disableIPForwarding(String publicIPAddress); - public List listIPForwardingForUpdate(String publicIp, boolean fwding); - public List listIPForwardingForUpdate(String publicIp, String publicPort, String proto); - public List listIPForwardingByPortAndProto(String publicIp, String publicPort, String proto); - - public List listLoadBalanceRulesForUpdate(String publicIp, String publicPort, String algo); - public List listIpForwardingRulesForLoadBalancers(String publicIp); - - - public List listRulesExcludingPubIpPort(String publicIpAddress, long securityGroupId); - public List listBySecurityGroupId(long securityGroupId); - public List listByLoadBalancerId(long loadBalancerId); - public List listForwardingByPubAndPrivIp(boolean forwarding, String publicIPAddress, String privateIp); - public FirewallRuleVO findByGroupAndPrivateIp(long groupId, String privateIp, boolean forwarding); - public List listByPrivateIp(String privateIp); - public boolean isPublicIpOneToOneNATted(String publicIp); - void deleteIPForwardingByPublicIpAndPort(String ipAddress, String port); - public List listIPForwardingForLB(long userId, long dcId); - public List findRuleByPublicIp(String publicIp); +public interface FirewallRulesDao extends GenericDao { + List listByIpAndNotRevoked(Ip ip); + + boolean setStateToAdd(FirewallRuleVO rule); + + boolean revoke(FirewallRuleVO rule); + +// public List listIPForwarding(String publicIPAddress, boolean forwarding); +// public List listIPForwarding(String publicIPAddress, String port, boolean forwarding); +// +// public List listIPForwarding(long userId); +// public List listIPForwarding(long userId, long dcId); +// public void deleteIPForwardingByPublicIpAddress(String ipAddress); +// public List listIPForwarding(String publicIPAddress); +// public List listIPForwardingForUpdate(String publicIPAddress); +// public void disableIPForwarding(String publicIPAddress); +// public List listIPForwardingForUpdate(String publicIp, boolean fwding); +// public List listIPForwardingForUpdate(String publicIp, String publicPort, String proto); +// public List listIPForwardingByPortAndProto(String publicIp, String publicPort, String proto); +// +// public List listLoadBalanceRulesForUpdate(String publicIp, String publicPort, String algo); +// public List listIpForwardingRulesForLoadBalancers(String publicIp); +// +// +// public List listRulesExcludingPubIpPort(String publicIpAddress, long securityGroupId); +// public List listBySecurityGroupId(long securityGroupId); +// public List listByLoadBalancerId(long loadBalancerId); +// public List listForwardingByPubAndPrivIp(boolean forwarding, String publicIPAddress, String privateIp); +// public PortForwardingRuleVO findByGroupAndPrivateIp(long groupId, String privateIp, boolean forwarding); +// public List findByPublicIpPrivateIpForNatRule(String publicIp,String privateIp); +// public List listByPrivateIp(String privateIp); +// public boolean isPublicIpOneToOneNATted(String publicIp); +// void deleteIPForwardingByPublicIpAndPort(String ipAddress, String port); +// public List listIPForwardingForLB(long userId, long dcId); } diff --git a/server/src/com/cloud/network/dao/FirewallRulesDaoImpl.java b/server/src/com/cloud/network/dao/FirewallRulesDaoImpl.java index 8a2033d7cea..d7a507a8195 100644 --- a/server/src/com/cloud/network/dao/FirewallRulesDaoImpl.java +++ b/server/src/com/cloud/network/dao/FirewallRulesDaoImpl.java @@ -18,407 +18,458 @@ package com.cloud.network.dao; -import java.sql.PreparedStatement; -import java.sql.ResultSet; -import java.util.ArrayList; import java.util.List; -import java.util.Map; import javax.ejb.Local; -import javax.naming.ConfigurationException; import org.apache.log4j.Logger; -import com.cloud.network.FirewallRuleVO; +import com.cloud.network.rules.FirewallRule.State; +import com.cloud.network.rules.FirewallRuleVO; +import com.cloud.utils.db.DB; import com.cloud.utils.db.GenericDaoBase; import com.cloud.utils.db.SearchBuilder; import com.cloud.utils.db.SearchCriteria; -import com.cloud.utils.db.Transaction; import com.cloud.utils.db.SearchCriteria.Op; -import com.cloud.utils.exception.CloudRuntimeException; -import com.cloud.utils.net.NetUtils; +import com.cloud.utils.net.Ip; -@Local(value = { FirewallRulesDao.class }) +@Local(value = { FirewallRulesDao.class }) @DB(txn=false) public class FirewallRulesDaoImpl extends GenericDaoBase implements FirewallRulesDao { private static final Logger s_logger = Logger.getLogger(FirewallRulesDaoImpl.class); - - public static String SELECT_IP_FORWARDINGS_BY_USERID_SQL = null; - public static String SELECT_IP_FORWARDINGS_BY_USERID_AND_DCID_SQL = null; - public static String SELECT_LB_FORWARDINGS_BY_USERID_AND_DCID_SQL = null; - - - public static final String DELETE_IP_FORWARDING_BY_IPADDRESS_SQL = "DELETE FROM ip_forwarding WHERE public_ip_address = ?"; - public static final String DELETE_IP_FORWARDING_BY_IP_PORT_SQL = "DELETE FROM ip_forwarding WHERE public_ip_address = ? and public_port = ?"; - - public static final String DISABLE_IP_FORWARDING_BY_IPADDRESS_SQL = "UPDATE ip_forwarding set enabled=0 WHERE public_ip_address = ?"; - - - protected SearchBuilder FWByIPSearch; - protected SearchBuilder FWByIPAndForwardingSearch; - protected SearchBuilder FWByIPPortAndForwardingSearch; - protected SearchBuilder FWByIPPortProtoSearch; - protected SearchBuilder FWByIPPortAlgoSearch; - protected SearchBuilder FWByPrivateIPSearch; - protected SearchBuilder RulesExcludingPubIpPort; - protected SearchBuilder FWByGroupId; - protected SearchBuilder FWByIpForLB; - - protected SearchBuilder FWByGroupAndPrivateIp; - protected SearchBuilder FWByPublicIpSearch; - protected SearchBuilder OneToOneNATSearch; - - - protected FirewallRulesDaoImpl() { - } - - @Override - public boolean configure(String name, Map params) throws ConfigurationException { - if (!super.configure(name, params)) { - return false; - } - - SELECT_IP_FORWARDINGS_BY_USERID_SQL = buildSelectByUserIdSql(); - if (s_logger.isDebugEnabled()) { - s_logger.debug(SELECT_IP_FORWARDINGS_BY_USERID_SQL); - } - - SELECT_IP_FORWARDINGS_BY_USERID_AND_DCID_SQL = buildSelectByUserIdAndDatacenterIdSql(); - if (s_logger.isDebugEnabled()) { - s_logger.debug(SELECT_IP_FORWARDINGS_BY_USERID_AND_DCID_SQL); - } - - SELECT_LB_FORWARDINGS_BY_USERID_AND_DCID_SQL = buildSelectByUserIdAndDatacenterIdForLBSql(); - if (s_logger.isDebugEnabled()) { - s_logger.debug(SELECT_LB_FORWARDINGS_BY_USERID_AND_DCID_SQL); - } - - - FWByIPSearch = createSearchBuilder(); - FWByIPSearch.and("publicIpAddress", FWByIPSearch.entity().getPublicIpAddress(), SearchCriteria.Op.EQ); - FWByIPSearch.done(); - - FWByIPAndForwardingSearch = createSearchBuilder(); - FWByIPAndForwardingSearch.and("publicIpAddress", FWByIPAndForwardingSearch.entity().getPublicIpAddress(), SearchCriteria.Op.EQ); - FWByIPAndForwardingSearch.and("forwarding", FWByIPAndForwardingSearch.entity().isForwarding(), SearchCriteria.Op.EQ); - FWByIPAndForwardingSearch.done(); - - FWByIPPortAndForwardingSearch = createSearchBuilder(); - FWByIPPortAndForwardingSearch.and("publicIpAddress", FWByIPPortAndForwardingSearch.entity().getPublicIpAddress(), SearchCriteria.Op.EQ); - FWByIPPortAndForwardingSearch.and("publicPort", FWByIPPortAndForwardingSearch.entity().getPublicPort(), SearchCriteria.Op.EQ); - FWByIPPortAndForwardingSearch.and("forwarding", FWByIPPortAndForwardingSearch.entity().isForwarding(), SearchCriteria.Op.EQ); - FWByIPPortAndForwardingSearch.done(); - - FWByIPPortProtoSearch = createSearchBuilder(); - FWByIPPortProtoSearch.and("publicIpAddress", FWByIPPortProtoSearch.entity().getPublicIpAddress(), SearchCriteria.Op.EQ); - FWByIPPortProtoSearch.and("publicPort", FWByIPPortProtoSearch.entity().getPublicPort(), SearchCriteria.Op.EQ); - FWByIPPortProtoSearch.and("protocol", FWByIPPortProtoSearch.entity().getProtocol(), SearchCriteria.Op.EQ); - FWByIPPortProtoSearch.done(); - - FWByIPPortAlgoSearch = createSearchBuilder(); - FWByIPPortAlgoSearch.and("publicIpAddress", FWByIPPortAlgoSearch.entity().getPublicIpAddress(), SearchCriteria.Op.EQ); - FWByIPPortAlgoSearch.and("publicPort", FWByIPPortAlgoSearch.entity().getPublicPort(), SearchCriteria.Op.EQ); - FWByIPPortAlgoSearch.and("algorithm", FWByIPPortAlgoSearch.entity().getAlgorithm(), SearchCriteria.Op.EQ); - FWByIPPortAlgoSearch.done(); - - FWByPrivateIPSearch = createSearchBuilder(); - FWByPrivateIPSearch.and("privateIpAddress", FWByPrivateIPSearch.entity().getPrivateIpAddress(), SearchCriteria.Op.EQ); - FWByPrivateIPSearch.done(); - - RulesExcludingPubIpPort = createSearchBuilder(); - RulesExcludingPubIpPort.and("publicIpAddress", RulesExcludingPubIpPort.entity().getPrivateIpAddress(), SearchCriteria.Op.EQ); - RulesExcludingPubIpPort.and("groupId", RulesExcludingPubIpPort.entity().getGroupId(), SearchCriteria.Op.NEQ); - RulesExcludingPubIpPort.and("forwarding", RulesExcludingPubIpPort.entity().isForwarding(), SearchCriteria.Op.EQ); - RulesExcludingPubIpPort.done(); - - FWByGroupId = createSearchBuilder(); - FWByGroupId.and("groupId", FWByGroupId.entity().getGroupId(), SearchCriteria.Op.EQ); - FWByGroupId.and("forwarding", FWByGroupId.entity().isForwarding(), SearchCriteria.Op.EQ); - FWByGroupId.done(); - - FWByGroupAndPrivateIp = createSearchBuilder(); - FWByGroupAndPrivateIp.and("groupId", FWByGroupAndPrivateIp.entity().getGroupId(), SearchCriteria.Op.EQ); - FWByGroupAndPrivateIp.and("privateIpAddress", FWByGroupAndPrivateIp.entity().getPrivateIpAddress(), SearchCriteria.Op.EQ); - FWByGroupAndPrivateIp.and("forwarding", FWByGroupAndPrivateIp.entity().isForwarding(), SearchCriteria.Op.EQ); - FWByGroupAndPrivateIp.done(); - - FWByPublicIpSearch = createSearchBuilder(); - FWByPublicIpSearch.and("publicIpAddress", FWByPublicIpSearch.entity().getPublicIpAddress(), SearchCriteria.Op.EQ); - FWByPublicIpSearch.done(); - - OneToOneNATSearch = createSearchBuilder(); - OneToOneNATSearch.and("publicIpAddress", OneToOneNATSearch.entity().getPublicIpAddress(), SearchCriteria.Op.EQ); - OneToOneNATSearch.and("protocol", OneToOneNATSearch.entity().getProtocol(), SearchCriteria.Op.EQ); - OneToOneNATSearch.done(); - - FWByIpForLB = createSearchBuilder(); - FWByIpForLB.and("publicIpAddress", FWByIpForLB.entity().getPublicIpAddress(), SearchCriteria.Op.EQ); - FWByIpForLB.and("groupId", FWByIpForLB.entity().getGroupId(), SearchCriteria.Op.NNULL); - FWByIpForLB.and("forwarding", FWByIpForLB.entity().isForwarding(), SearchCriteria.Op.EQ); - FWByIpForLB.done(); - - return true; - } - - protected String buildSelectByUserIdSql() { - StringBuilder sql = createPartialSelectSql(null, true); - sql.insert(sql.length() - 6, ", user_ip_address "); - sql.append("ip_forwarding.public_ip_address = user_ip_address.public_ip_address AND user_ip_address.account_id = ?"); - - return sql.toString(); - } - - protected String buildSelectByUserIdAndDatacenterIdSql() { - return "SELECT i.id, i.group_id, i.public_ip_address, i.public_port, i.private_ip_address, i.private_port, i.enabled, i.protocol, i.forwarding, i.algorithm FROM ip_forwarding i, user_ip_address u WHERE i.public_ip_address=u.public_ip_address AND u.account_id=? AND u.data_center_id=?"; - } - protected String buildSelectByUserIdAndDatacenterIdForLBSql() { - return "SELECT i.id, i.group_id, i.public_ip_address, i.public_port, i.private_ip_address, i.private_port, i.enabled, i.protocol, i.forwarding, i.algorithm FROM ip_forwarding i, user_ip_address u WHERE i.public_ip_address=u.public_ip_address AND u.account_id=? AND u.data_center_id=? AND i.group_id is not NULL"; - } - - public List listIPForwarding(String publicIPAddress, boolean forwarding) { - SearchCriteria sc = FWByIPAndForwardingSearch.create(); - sc.setParameters("publicIpAddress", publicIPAddress); - sc.setParameters("forwarding", forwarding); - return listBy(sc); - } - - @Override - public List listIPForwarding(long userId) { - Transaction txn = Transaction.currentTxn(); - List forwardings = new ArrayList(); - PreparedStatement pstmt = null; - try { - pstmt = txn.prepareAutoCloseStatement(SELECT_IP_FORWARDINGS_BY_USERID_SQL); - pstmt.setLong(1, userId); - ResultSet rs = pstmt.executeQuery(); - while (rs.next()) { - forwardings.add(toEntityBean(rs, false)); - } - } catch (Exception e) { - s_logger.warn(e); - } - return forwardings; - } - - public List listIPForwarding(long userId, long dcId) { - Transaction txn = Transaction.currentTxn(); - List forwardings = new ArrayList(); - PreparedStatement pstmt = null; - try { - pstmt = txn.prepareAutoCloseStatement(SELECT_IP_FORWARDINGS_BY_USERID_AND_DCID_SQL); - pstmt.setLong(1, userId); - pstmt.setLong(2, dcId); - ResultSet rs = pstmt.executeQuery(); - while (rs.next()) { - forwardings.add(toEntityBean(rs, false)); - } - } catch (Exception e) { - s_logger.warn(e); - } - return forwardings; - } - - @Override - public void deleteIPForwardingByPublicIpAddress(String ipAddress) { - Transaction txn = Transaction.currentTxn(); - PreparedStatement pstmt = null; - try { - pstmt = txn.prepareAutoCloseStatement(DELETE_IP_FORWARDING_BY_IPADDRESS_SQL); - pstmt.setString(1, ipAddress); - pstmt.executeUpdate(); - } catch (Exception e) { - s_logger.warn(e); - } - } + protected final SearchBuilder AllFieldsSearch; + protected final SearchBuilder IpNotRevokedSearch; + + protected FirewallRulesDaoImpl() { + super(); + + AllFieldsSearch = createSearchBuilder(); + AllFieldsSearch.and("ip", AllFieldsSearch.entity().getSourceIpAddress(), Op.EQ); + AllFieldsSearch.and("protocol", AllFieldsSearch.entity().getProtocol(), Op.EQ); + AllFieldsSearch.and("state", AllFieldsSearch.entity().getState(), Op.EQ); + AllFieldsSearch.and("purpose", AllFieldsSearch.entity().getPurpose(), Op.EQ); + AllFieldsSearch.and("account", AllFieldsSearch.entity().getAccountId(), Op.EQ); + AllFieldsSearch.and("domain", AllFieldsSearch.entity().getDomainId(), Op.EQ); + AllFieldsSearch.and("id", AllFieldsSearch.entity().getId(), Op.EQ); + AllFieldsSearch.done(); + + + IpNotRevokedSearch = createSearchBuilder(); + IpNotRevokedSearch.and("ip", IpNotRevokedSearch.entity().getSourceIpAddress(), Op.EQ); + IpNotRevokedSearch.and("state", IpNotRevokedSearch.entity().getSourceIpAddress(), Op.NEQ); + IpNotRevokedSearch.done(); + + + } @Override - public void deleteIPForwardingByPublicIpAndPort(String ipAddress, String port) { - Transaction txn = Transaction.currentTxn(); - PreparedStatement pstmt = null; - try { - pstmt = txn.prepareAutoCloseStatement(DELETE_IP_FORWARDING_BY_IP_PORT_SQL); - pstmt.setString(1, ipAddress); - pstmt.setString(2, port); - - pstmt.executeUpdate(); - } catch (Exception e) { - s_logger.warn(e); - } - } - - @Override - public List listIPForwarding(String publicIPAddress) { - SearchCriteria sc = FWByIPSearch.create(); - sc.setParameters("publicIpAddress", publicIPAddress); - return listBy(sc); - } - - @Override - public List listIPForwardingForUpdate(String publicIPAddress) { - SearchCriteria sc = FWByIPSearch.create(); - sc.setParameters("publicIpAddress", publicIPAddress); - return listBy(sc, null); - } - - @Override - public List listIPForwardingForUpdate(String publicIp, boolean fwding) { - SearchCriteria sc = FWByIPAndForwardingSearch.create(); - sc.setParameters("publicIpAddress", publicIp); - sc.setParameters("forwarding", fwding); - return search(sc, null); - } - - @Override - public List listIPForwardingForUpdate(String publicIp, - String publicPort, String proto) { - SearchCriteria sc = FWByIPPortProtoSearch.create(); - sc.setParameters("publicIpAddress", publicIp); - sc.setParameters("publicPort", publicPort); - sc.setParameters("protocol", proto); - return search(sc, null); - } - - @Override - public List listLoadBalanceRulesForUpdate(String publicIp, - String publicPort, String algo) { - SearchCriteria sc = FWByIPPortAlgoSearch.create(); - sc.setParameters("publicIpAddress", publicIp); - sc.setParameters("publicPort", publicPort); - sc.setParameters("algorithm", algo); - return listBy(sc, null); - } - - @Override - public List listIPForwarding(String publicIPAddress, - String port, boolean forwarding) { - SearchCriteria sc = FWByIPPortAndForwardingSearch.create(); - sc.setParameters("publicIpAddress", publicIPAddress); - sc.setParameters("publicPort", port); - sc.setParameters("forwarding", forwarding); - - return listBy(sc); - } - - @Override - public void disableIPForwarding(String publicIPAddress) { - Transaction txn = Transaction.currentTxn(); - PreparedStatement pstmt = null; - try { - txn.start(); - pstmt = txn.prepareAutoCloseStatement(DISABLE_IP_FORWARDING_BY_IPADDRESS_SQL); - pstmt.setString(1, publicIPAddress); - pstmt.executeUpdate(); - txn.commit(); - } catch (Exception e) { - txn.rollback(); - throw new CloudRuntimeException("DB Exception ", e); - } - } - - @Override - public List listRulesExcludingPubIpPort(String publicIpAddress, long securityGroupId) { - SearchCriteria sc = RulesExcludingPubIpPort.create(); - sc.setParameters("publicIpAddress", publicIpAddress); - sc.setParameters("groupId", securityGroupId); - sc.setParameters("forwarding", false); - return listBy(sc); - } - - @Override - public List listBySecurityGroupId(long securityGroupId) { - SearchCriteria sc = FWByGroupId.create(); - sc.setParameters("groupId", securityGroupId); - sc.setParameters("forwarding", Boolean.TRUE); - return listBy(sc); - } - - @Override - public List listForwardingByPubAndPrivIp(boolean forwarding, String publicIPAddress, String privateIp) { - SearchCriteria sc = FWByIPAndForwardingSearch.create(); - sc.setParameters("publicIpAddress", publicIPAddress); - sc.setParameters("forwarding", forwarding); - sc.addAnd("privateIpAddress", SearchCriteria.Op.EQ, privateIp); - return listBy(sc); - } - - @Override - public List listByLoadBalancerId(long loadBalancerId) { - SearchCriteria sc = FWByGroupId.create(); - sc.setParameters("groupId", loadBalancerId); - sc.setParameters("forwarding", Boolean.FALSE); - return listBy(sc); - } - - @Override - public FirewallRuleVO findByGroupAndPrivateIp(long groupId, String privateIp, boolean forwarding) { - SearchCriteria sc = FWByGroupAndPrivateIp.create(); - sc.setParameters("groupId", groupId); - sc.setParameters("privateIpAddress", privateIp); - sc.setParameters("forwarding", forwarding); - return findOneBy(sc); - - } - - @Override - public List findRuleByPublicIp(String publicIp){ - SearchCriteria sc = FWByPublicIpSearch.create(); - sc.setParameters("publicIpAddress", publicIp); - return listBy(sc); - } - - @Override - public List listByPrivateIp(String privateIp) { - SearchCriteria sc = FWByPrivateIPSearch.create(); - sc.setParameters("privateIpAddress", privateIp); + public List listByIpAndNotRevoked(Ip ip) { + SearchCriteria sc = IpNotRevokedSearch.create(); + sc.setParameters("ip", ip); + sc.setParameters("state", State.Revoke); + return listBy(sc); - } - - @Override - public List listIPForwardingByPortAndProto(String publicIp, - String publicPort, String proto) { - SearchCriteria sc = FWByIPPortProtoSearch.create(); - sc.setParameters("publicIpAddress", publicIp); - sc.setParameters("publicPort", publicPort); - sc.setParameters("protocol", proto); - return search(sc, null); - } - - @Override - public boolean isPublicIpOneToOneNATted(String publicIp) { - SearchCriteria sc = OneToOneNATSearch.create(); - sc.setParameters("publicIpAddress", publicIp); - sc.setParameters("protocol", NetUtils.NAT_PROTO); - List rules = search(sc, null); - if (rules.size() != 1) - return false; - return rules.get(1).getProtocol().equalsIgnoreCase(NetUtils.NAT_PROTO); - } - - @Override - public List listIpForwardingRulesForLoadBalancers( - String publicIp) { - SearchCriteria sc = FWByIpForLB.create(); - sc.setParameters("publicIpAddress", publicIp); - sc.setParameters("forwarding", false); - return search(sc, null); - } - - @Override - public List listIPForwardingForLB(long userId, long dcId) { - Transaction txn = Transaction.currentTxn(); - List forwardings = new ArrayList(); - PreparedStatement pstmt = null; - try { - pstmt = txn.prepareAutoCloseStatement(SELECT_LB_FORWARDINGS_BY_USERID_AND_DCID_SQL); - pstmt.setLong(1, userId); - pstmt.setLong(2, dcId); - ResultSet rs = pstmt.executeQuery(); - while (rs.next()) { - forwardings.add(toEntityBean(rs, false)); - } - } catch (Exception e) { - s_logger.warn(e); - } - return forwardings; - } + } + + @Override + public boolean setStateToAdd(FirewallRuleVO rule) { + SearchCriteria sc = AllFieldsSearch.create(); + sc.setParameters("id", rule.getId()); + sc.setParameters("state", State.Staged); + + rule.setState(State.Add); + + return update(rule, sc) > 0; + } + + @Override + public boolean revoke(FirewallRuleVO rule) { + rule.setState(State.Revoke); + return update(rule.getId(), rule); + } + + + +// public static String SELECT_IP_FORWARDINGS_BY_USERID_SQL = null; +// public static String SELECT_IP_FORWARDINGS_BY_USERID_AND_DCID_SQL = null; +// public static String SELECT_LB_FORWARDINGS_BY_USERID_AND_DCID_SQL = null; +// +// +// public static final String DELETE_IP_FORWARDING_BY_IPADDRESS_SQL = "DELETE FROM ip_forwarding WHERE public_ip_address = ?"; +// public static final String DELETE_IP_FORWARDING_BY_IP_PORT_SQL = "DELETE FROM ip_forwarding WHERE public_ip_address = ? and public_port = ?"; +// +// public static final String DISABLE_IP_FORWARDING_BY_IPADDRESS_SQL = "UPDATE ip_forwarding set enabled=0 WHERE public_ip_address = ?"; +// +// +// protected SearchBuilder FWByIPAndForwardingSearch; +// protected SearchBuilder FWByIPPortAndForwardingSearch; +// protected SearchBuilder FWByIPPortProtoSearch; +// protected SearchBuilder FWByIPPortAlgoSearch; +// protected SearchBuilder FWByPrivateIPSearch; +// protected SearchBuilder RulesExcludingPubIpPort; +// protected SearchBuilder FWByGroupId; +// protected SearchBuilder FWByIpForLB; +// +// protected SearchBuilder FWByGroupAndPrivateIp; +// protected SearchBuilder FWByPrivateIpPrivatePortPublicIpPublicPortSearch; +// protected SearchBuilder OneToOneNATSearch; +// +// +// protected FirewallRulesDaoImpl() { +// } +// +// @Override +// public boolean configure(String name, Map params) throws ConfigurationException { +// if (!super.configure(name, params)) { +// return false; +// } +// +// SELECT_IP_FORWARDINGS_BY_USERID_SQL = buildSelectByUserIdSql(); +// if (s_logger.isDebugEnabled()) { +// s_logger.debug(SELECT_IP_FORWARDINGS_BY_USERID_SQL); +// } +// +// SELECT_IP_FORWARDINGS_BY_USERID_AND_DCID_SQL = buildSelectByUserIdAndDatacenterIdSql(); +// if (s_logger.isDebugEnabled()) { +// s_logger.debug(SELECT_IP_FORWARDINGS_BY_USERID_AND_DCID_SQL); +// } +// +// SELECT_LB_FORWARDINGS_BY_USERID_AND_DCID_SQL = buildSelectByUserIdAndDatacenterIdForLBSql(); +// if (s_logger.isDebugEnabled()) { +// s_logger.debug(SELECT_LB_FORWARDINGS_BY_USERID_AND_DCID_SQL); +// } +// +// +// FWByIPSearch = createSearchBuilder(); +// FWByIPSearch.and("publicIpAddress", FWByIPSearch.entity().getSourceIpAddress(), SearchCriteria.Op.EQ); +// FWByIPSearch.done(); +// +// FWByIPAndForwardingSearch = createSearchBuilder(); +// FWByIPAndForwardingSearch.and("publicIpAddress", FWByIPAndForwardingSearch.entity().getSourceIpAddress(), SearchCriteria.Op.EQ); +// FWByIPAndForwardingSearch.and("forwarding", FWByIPAndForwardingSearch.entity().isForwarding(), SearchCriteria.Op.EQ); +// FWByIPAndForwardingSearch.done(); +// +// FWByIPPortAndForwardingSearch = createSearchBuilder(); +// FWByIPPortAndForwardingSearch.and("publicIpAddress", FWByIPPortAndForwardingSearch.entity().getSourceIpAddress(), SearchCriteria.Op.EQ); +// FWByIPPortAndForwardingSearch.and("publicPort", FWByIPPortAndForwardingSearch.entity().getSourcePort(), SearchCriteria.Op.EQ); +// FWByIPPortAndForwardingSearch.and("forwarding", FWByIPPortAndForwardingSearch.entity().isForwarding(), SearchCriteria.Op.EQ); +// FWByIPPortAndForwardingSearch.done(); +// +// FWByIPPortProtoSearch = createSearchBuilder(); +// FWByIPPortProtoSearch.and("publicIpAddress", FWByIPPortProtoSearch.entity().getSourceIpAddress(), SearchCriteria.Op.EQ); +// FWByIPPortProtoSearch.and("publicPort", FWByIPPortProtoSearch.entity().getSourcePort(), SearchCriteria.Op.EQ); +// FWByIPPortProtoSearch.and("protocol", FWByIPPortProtoSearch.entity().getProtocol(), SearchCriteria.Op.EQ); +// FWByIPPortProtoSearch.done(); +// +// FWByIPPortAlgoSearch = createSearchBuilder(); +// FWByIPPortAlgoSearch.and("publicIpAddress", FWByIPPortAlgoSearch.entity().getSourceIpAddress(), SearchCriteria.Op.EQ); +// FWByIPPortAlgoSearch.and("publicPort", FWByIPPortAlgoSearch.entity().getSourcePort(), SearchCriteria.Op.EQ); +// FWByIPPortAlgoSearch.and("algorithm", FWByIPPortAlgoSearch.entity().getAlgorithm(), SearchCriteria.Op.EQ); +// FWByIPPortAlgoSearch.done(); +// +// FWByPrivateIPSearch = createSearchBuilder(); +// FWByPrivateIPSearch.and("privateIpAddress", FWByPrivateIPSearch.entity().getDestinationIpAddress(), SearchCriteria.Op.EQ); +// FWByPrivateIPSearch.done(); +// +// RulesExcludingPubIpPort = createSearchBuilder(); +// RulesExcludingPubIpPort.and("publicIpAddress", RulesExcludingPubIpPort.entity().getDestinationIpAddress(), SearchCriteria.Op.EQ); +// RulesExcludingPubIpPort.and("groupId", RulesExcludingPubIpPort.entity().getGroupId(), SearchCriteria.Op.NEQ); +// RulesExcludingPubIpPort.and("forwarding", RulesExcludingPubIpPort.entity().isForwarding(), SearchCriteria.Op.EQ); +// RulesExcludingPubIpPort.done(); +// +// FWByGroupId = createSearchBuilder(); +// FWByGroupId.and("groupId", FWByGroupId.entity().getGroupId(), SearchCriteria.Op.EQ); +// FWByGroupId.and("forwarding", FWByGroupId.entity().isForwarding(), SearchCriteria.Op.EQ); +// FWByGroupId.done(); +// +// FWByGroupAndPrivateIp = createSearchBuilder(); +// FWByGroupAndPrivateIp.and("groupId", FWByGroupAndPrivateIp.entity().getGroupId(), SearchCriteria.Op.EQ); +// FWByGroupAndPrivateIp.and("privateIpAddress", FWByGroupAndPrivateIp.entity().getDestinationIpAddress(), SearchCriteria.Op.EQ); +// FWByGroupAndPrivateIp.and("forwarding", FWByGroupAndPrivateIp.entity().isForwarding(), SearchCriteria.Op.EQ); +// FWByGroupAndPrivateIp.done(); +// +// FWByPrivateIpPrivatePortPublicIpPublicPortSearch = createSearchBuilder(); +// FWByPrivateIpPrivatePortPublicIpPublicPortSearch.and("publicIpAddress", FWByPrivateIpPrivatePortPublicIpPublicPortSearch.entity().getSourceIpAddress(), SearchCriteria.Op.EQ); +// FWByPrivateIpPrivatePortPublicIpPublicPortSearch.and("privateIpAddress", FWByPrivateIpPrivatePortPublicIpPublicPortSearch.entity().getDestinationIpAddress(), SearchCriteria.Op.EQ); +// FWByPrivateIpPrivatePortPublicIpPublicPortSearch.and("privatePort", FWByPrivateIpPrivatePortPublicIpPublicPortSearch.entity().getDestinationPort(), SearchCriteria.Op.NULL); +// FWByPrivateIpPrivatePortPublicIpPublicPortSearch.and("publicPort", FWByPrivateIpPrivatePortPublicIpPublicPortSearch.entity().getSourcePort(), SearchCriteria.Op.NULL); +// FWByPrivateIpPrivatePortPublicIpPublicPortSearch.done(); +// +// OneToOneNATSearch = createSearchBuilder(); +// OneToOneNATSearch.and("publicIpAddress", OneToOneNATSearch.entity().getSourceIpAddress(), SearchCriteria.Op.EQ); +// OneToOneNATSearch.and("protocol", OneToOneNATSearch.entity().getProtocol(), SearchCriteria.Op.EQ); +// OneToOneNATSearch.done(); +// +// FWByIpForLB = createSearchBuilder(); +// FWByIpForLB.and("publicIpAddress", FWByIpForLB.entity().getSourceIpAddress(), SearchCriteria.Op.EQ); +// FWByIpForLB.and("groupId", FWByIpForLB.entity().getGroupId(), SearchCriteria.Op.NNULL); +// FWByIpForLB.and("forwarding", FWByIpForLB.entity().isForwarding(), SearchCriteria.Op.EQ); +// FWByIpForLB.done(); +// +// return true; +// } +// +// protected String buildSelectByUserIdSql() { +// StringBuilder sql = createPartialSelectSql(null, true); +// sql.insert(sql.length() - 6, ", user_ip_address "); +// sql.append("ip_forwarding.public_ip_address = user_ip_address.public_ip_address AND user_ip_address.account_id = ?"); +// +// return sql.toString(); +// } +// +// protected String buildSelectByUserIdAndDatacenterIdSql() { +// return "SELECT i.id, i.group_id, i.public_ip_address, i.public_port, i.private_ip_address, i.private_port, i.enabled, i.protocol, i.forwarding, i.algorithm FROM ip_forwarding i, user_ip_address u WHERE i.public_ip_address=u.public_ip_address AND u.account_id=? AND u.data_center_id=?"; +// } +// +// protected String buildSelectByUserIdAndDatacenterIdForLBSql() { +// return "SELECT i.id, i.group_id, i.public_ip_address, i.public_port, i.private_ip_address, i.private_port, i.enabled, i.protocol, i.forwarding, i.algorithm FROM ip_forwarding i, user_ip_address u WHERE i.public_ip_address=u.public_ip_address AND u.account_id=? AND u.data_center_id=? AND i.group_id is not NULL"; +// } +// +// public List listIPForwarding(String publicIPAddress, boolean forwarding) { +// SearchCriteria sc = FWByIPAndForwardingSearch.create(); +// sc.setParameters("publicIpAddress", publicIPAddress); +// sc.setParameters("forwarding", forwarding); +// return listBy(sc); +// } +// +// @Override +// public List listIPForwarding(long userId) { +// Transaction txn = Transaction.currentTxn(); +// List forwardings = new ArrayList(); +// PreparedStatement pstmt = null; +// try { +// pstmt = txn.prepareAutoCloseStatement(SELECT_IP_FORWARDINGS_BY_USERID_SQL); +// pstmt.setLong(1, userId); +// ResultSet rs = pstmt.executeQuery(); +// while (rs.next()) { +// forwardings.add(toEntityBean(rs, false)); +// } +// } catch (Exception e) { +// s_logger.warn(e); +// } +// return forwardings; +// } +// +// public List listIPForwarding(long userId, long dcId) { +// Transaction txn = Transaction.currentTxn(); +// List forwardings = new ArrayList(); +// PreparedStatement pstmt = null; +// try { +// pstmt = txn.prepareAutoCloseStatement(SELECT_IP_FORWARDINGS_BY_USERID_AND_DCID_SQL); +// pstmt.setLong(1, userId); +// pstmt.setLong(2, dcId); +// ResultSet rs = pstmt.executeQuery(); +// while (rs.next()) { +// forwardings.add(toEntityBean(rs, false)); +// } +// } catch (Exception e) { +// s_logger.warn(e); +// } +// return forwardings; +// } +// +// @Override +// public void deleteIPForwardingByPublicIpAddress(String ipAddress) { +// Transaction txn = Transaction.currentTxn(); +// PreparedStatement pstmt = null; +// try { +// pstmt = txn.prepareAutoCloseStatement(DELETE_IP_FORWARDING_BY_IPADDRESS_SQL); +// pstmt.setString(1, ipAddress); +// pstmt.executeUpdate(); +// } catch (Exception e) { +// s_logger.warn(e); +// } +// } +// +// @Override +// public void deleteIPForwardingByPublicIpAndPort(String ipAddress, String port) { +// Transaction txn = Transaction.currentTxn(); +// PreparedStatement pstmt = null; +// try { +// pstmt = txn.prepareAutoCloseStatement(DELETE_IP_FORWARDING_BY_IP_PORT_SQL); +// pstmt.setString(1, ipAddress); +// pstmt.setString(2, port); +// +// pstmt.executeUpdate(); +// } catch (Exception e) { +// s_logger.warn(e); +// } +// } +// +// @Override +// public List listIPForwarding(String publicIPAddress) { +// SearchCriteria sc = FWByIPSearch.create(); +// sc.setParameters("publicIpAddress", publicIPAddress); +// return listBy(sc); +// } +// +// @Override +// public List listIPForwardingForUpdate(String publicIPAddress) { +// SearchCriteria sc = FWByIPSearch.create(); +// sc.setParameters("publicIpAddress", publicIPAddress); +// return listBy(sc, null); +// } +// +// @Override +// public List listIPForwardingForUpdate(String publicIp, boolean fwding) { +// SearchCriteria sc = FWByIPAndForwardingSearch.create(); +// sc.setParameters("publicIpAddress", publicIp); +// sc.setParameters("forwarding", fwding); +// return search(sc, null); +// } +// +// @Override +// public List listIPForwardingForUpdate(String publicIp, +// String publicPort, String proto) { +// SearchCriteria sc = FWByIPPortProtoSearch.create(); +// sc.setParameters("publicIpAddress", publicIp); +// sc.setParameters("publicPort", publicPort); +// sc.setParameters("protocol", proto); +// return search(sc, null); +// } +// +// @Override +// public List listLoadBalanceRulesForUpdate(String publicIp, +// String publicPort, String algo) { +// SearchCriteria sc = FWByIPPortAlgoSearch.create(); +// sc.setParameters("publicIpAddress", publicIp); +// sc.setParameters("publicPort", publicPort); +// sc.setParameters("algorithm", algo); +// return listBy(sc, null); +// } +// +// @Override +// public List listIPForwarding(String publicIPAddress, +// String port, boolean forwarding) { +// SearchCriteria sc = FWByIPPortAndForwardingSearch.create(); +// sc.setParameters("publicIpAddress", publicIPAddress); +// sc.setParameters("publicPort", port); +// sc.setParameters("forwarding", forwarding); +// +// return listBy(sc); +// } +// +// @Override +// public void disableIPForwarding(String publicIPAddress) { +// Transaction txn = Transaction.currentTxn(); +// PreparedStatement pstmt = null; +// try { +// txn.start(); +// pstmt = txn.prepareAutoCloseStatement(DISABLE_IP_FORWARDING_BY_IPADDRESS_SQL); +// pstmt.setString(1, publicIPAddress); +// pstmt.executeUpdate(); +// txn.commit(); +// } catch (Exception e) { +// txn.rollback(); +// throw new CloudRuntimeException("DB Exception ", e); +// } +// } +// +// @Override +// public List listRulesExcludingPubIpPort(String publicIpAddress, long securityGroupId) { +// SearchCriteria sc = RulesExcludingPubIpPort.create(); +// sc.setParameters("publicIpAddress", publicIpAddress); +// sc.setParameters("groupId", securityGroupId); +// sc.setParameters("forwarding", false); +// return listBy(sc); +// } +// +// @Override +// public List listBySecurityGroupId(long securityGroupId) { +// SearchCriteria sc = FWByGroupId.create(); +// sc.setParameters("groupId", securityGroupId); +// sc.setParameters("forwarding", Boolean.TRUE); +// return listBy(sc); +// } +// +// @Override +// public List listForwardingByPubAndPrivIp(boolean forwarding, String publicIPAddress, String privateIp) { +// SearchCriteria sc = FWByIPAndForwardingSearch.create(); +// sc.setParameters("publicIpAddress", publicIPAddress); +// sc.setParameters("forwarding", forwarding); +// sc.addAnd("privateIpAddress", SearchCriteria.Op.EQ, privateIp); +// return listBy(sc); +// } +// +// @Override +// public List listByLoadBalancerId(long loadBalancerId) { +// SearchCriteria sc = FWByGroupId.create(); +// sc.setParameters("groupId", loadBalancerId); +// sc.setParameters("forwarding", Boolean.FALSE); +// return listBy(sc); +// } +// +// @Override +// public PortForwardingRuleVO findByGroupAndPrivateIp(long groupId, String privateIp, boolean forwarding) { +// SearchCriteria sc = FWByGroupAndPrivateIp.create(); +// sc.setParameters("groupId", groupId); +// sc.setParameters("privateIpAddress", privateIp); +// sc.setParameters("forwarding", forwarding); +// return findOneBy(sc); +// +// } +// +// @Override +// public List findByPublicIpPrivateIpForNatRule(String publicIp, String privateIp){ +// SearchCriteria sc = FWByPrivateIpPrivatePortPublicIpPublicPortSearch.create(); +// sc.setParameters("publicIpAddress", publicIp); +// sc.setParameters("privateIpAddress", privateIp); +// return listBy(sc); +// } +// +// @Override +// public List listByPrivateIp(String privateIp) { +// SearchCriteria sc = FWByPrivateIPSearch.create(); +// sc.setParameters("privateIpAddress", privateIp); +// return listBy(sc); +// } +// +// @Override +// public List listIPForwardingByPortAndProto(String publicIp, +// String publicPort, String proto) { +// SearchCriteria sc = FWByIPPortProtoSearch.create(); +// sc.setParameters("publicIpAddress", publicIp); +// sc.setParameters("publicPort", publicPort); +// sc.setParameters("protocol", proto); +// return search(sc, null); +// } +// +// @Override +// public boolean isPublicIpOneToOneNATted(String publicIp) { +// SearchCriteria sc = OneToOneNATSearch.create(); +// sc.setParameters("publicIpAddress", publicIp); +// sc.setParameters("protocol", NetUtils.NAT_PROTO); +// List rules = search(sc, null); +// if (rules.size() != 1) +// return false; +// return rules.get(1).getProtocol().equalsIgnoreCase(NetUtils.NAT_PROTO); +// } +// +// @Override +// public List listIpForwardingRulesForLoadBalancers( +// String publicIp) { +// SearchCriteria sc = FWByIpForLB.create(); +// sc.setParameters("publicIpAddress", publicIp); +// sc.setParameters("forwarding", false); +// return search(sc, null); +// } +// +// @Override +// public List listIPForwardingForLB(long userId, long dcId) { +// Transaction txn = Transaction.currentTxn(); +// List forwardings = new ArrayList(); +// PreparedStatement pstmt = null; +// try { +// pstmt = txn.prepareAutoCloseStatement(SELECT_LB_FORWARDINGS_BY_USERID_AND_DCID_SQL); +// pstmt.setLong(1, userId); +// pstmt.setLong(2, dcId); +// ResultSet rs = pstmt.executeQuery(); +// while (rs.next()) { +// forwardings.add(toEntityBean(rs, false)); +// } +// } catch (Exception e) { +// s_logger.warn(e); +// } +// return forwardings; +// } } diff --git a/server/src/com/cloud/network/dao/LoadBalancerDaoImpl.java b/server/src/com/cloud/network/dao/LoadBalancerDaoImpl.java index a9dcda58557..f845d2c9c88 100644 --- a/server/src/com/cloud/network/dao/LoadBalancerDaoImpl.java +++ b/server/src/com/cloud/network/dao/LoadBalancerDaoImpl.java @@ -50,12 +50,12 @@ public class LoadBalancerDaoImpl extends GenericDaoBase im protected LoadBalancerDaoImpl() { ListByIp = createSearchBuilder(); - ListByIp.and("ipAddress", ListByIp.entity().getIpAddress(), SearchCriteria.Op.EQ); + ListByIp.and("ipAddress", ListByIp.entity().getSourceIpAddress(), SearchCriteria.Op.EQ); ListByIp.done(); IpAndPublicPortSearch = createSearchBuilder(); - IpAndPublicPortSearch.and("ipAddress", IpAndPublicPortSearch.entity().getIpAddress(), SearchCriteria.Op.EQ); - IpAndPublicPortSearch.and("publicPort", IpAndPublicPortSearch.entity().getPublicPort(), SearchCriteria.Op.EQ); + IpAndPublicPortSearch.and("ipAddress", IpAndPublicPortSearch.entity().getSourceIpAddress(), SearchCriteria.Op.EQ); + IpAndPublicPortSearch.and("publicPort", IpAndPublicPortSearch.entity().getSourcePortStart(), SearchCriteria.Op.EQ); IpAndPublicPortSearch.done(); AccountAndNameSearch = createSearchBuilder(); diff --git a/server/src/com/cloud/network/dao/LoadBalancerVMMapDao.java b/server/src/com/cloud/network/dao/LoadBalancerVMMapDao.java index 20db7c322b4..0f1ae1544f7 100644 --- a/server/src/com/cloud/network/dao/LoadBalancerVMMapDao.java +++ b/server/src/com/cloud/network/dao/LoadBalancerVMMapDao.java @@ -18,8 +18,8 @@ package com.cloud.network.dao; -import java.util.List; - +import java.util.List; + import com.cloud.network.LoadBalancerVMMapVO; import com.cloud.utils.db.GenericDao; diff --git a/server/src/com/cloud/network/element/DomainRouterElement.java b/server/src/com/cloud/network/element/DomainRouterElement.java index 9acd82e6b09..1e7197f679c 100644 --- a/server/src/com/cloud/network/element/DomainRouterElement.java +++ b/server/src/com/cloud/network/element/DomainRouterElement.java @@ -17,6 +17,8 @@ */ package com.cloud.network.element; +import java.util.List; + import javax.ejb.Local; import org.apache.log4j.Logger; @@ -26,11 +28,12 @@ import com.cloud.exception.ConcurrentOperationException; import com.cloud.exception.InsufficientCapacityException; import com.cloud.exception.InsufficientNetworkCapacityException; import com.cloud.exception.ResourceUnavailableException; -import com.cloud.network.Networks.TrafficType; import com.cloud.network.Network; import com.cloud.network.NetworkManager; +import com.cloud.network.Networks.TrafficType; import com.cloud.network.dao.NetworkDao; import com.cloud.network.router.DomainRouterManager; +import com.cloud.network.rules.FirewallRule; import com.cloud.offering.NetworkOffering; import com.cloud.offering.NetworkOffering.GuestIpType; import com.cloud.uservm.UserVm; @@ -114,17 +117,12 @@ public class DomainRouterElement extends AdapterBase implements NetworkElement { return _routerMgr.stopRouter(router.getId(), 1); } - @Override - public boolean addRule() { - return false; - } - - @Override - public boolean revokeRule() { - return false; - } - protected DomainRouterElement() { super(); } + + @Override + public boolean applyRules(Network config, List rules) throws ResourceUnavailableException { + return false; + } } diff --git a/core/src/com/cloud/agent/api/routing/RoutingCommand.java b/server/src/com/cloud/network/lb/LoadBalancingRulesManager.java similarity index 80% rename from core/src/com/cloud/agent/api/routing/RoutingCommand.java rename to server/src/com/cloud/network/lb/LoadBalancingRulesManager.java index 36cc89e58dc..db77dd2d9b9 100644 --- a/core/src/com/cloud/agent/api/routing/RoutingCommand.java +++ b/server/src/com/cloud/network/lb/LoadBalancingRulesManager.java @@ -15,12 +15,10 @@ * along with this program. If not, see . * */ -package com.cloud.agent.api.routing; +package com.cloud.network.lb; -import com.cloud.agent.api.Command; +import com.cloud.utils.net.Ip; -public abstract class RoutingCommand extends Command { - protected RoutingCommand() { - super(); - } +public interface LoadBalancingRulesManager extends LoadBalancingRulesService { + boolean removeAllLoadBalanacers(Ip ip); } diff --git a/server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java b/server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java new file mode 100644 index 00000000000..1b116f49044 --- /dev/null +++ b/server/src/com/cloud/network/lb/LoadBalancingRulesManagerImpl.java @@ -0,0 +1,1194 @@ +/** + * Copyright (C) 2010 Cloud.com, Inc. All rights reserved. + * + * This software is licensed under the GNU General Public License v3 or later. + * + * It is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or any later version. + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + */ +package com.cloud.network.lb; + +import java.security.InvalidParameterException; +import java.util.ArrayList; +import java.util.HashSet; +import java.util.List; +import java.util.Map; +import java.util.Set; + +import javax.ejb.Local; +import javax.naming.ConfigurationException; + +import org.apache.log4j.Logger; + +import com.cloud.api.commands.ListLoadBalancerRuleInstancesCmd; +import com.cloud.api.commands.ListLoadBalancerRulesCmd; +import com.cloud.api.commands.UpdateLoadBalancerRuleCmd; +import com.cloud.dc.dao.VlanDao; +import com.cloud.event.EventTypes; +import com.cloud.event.EventVO; +import com.cloud.event.dao.EventDao; +import com.cloud.exception.InvalidParameterValueException; +import com.cloud.exception.NetworkRuleConflictException; +import com.cloud.exception.PermissionDeniedException; +import com.cloud.exception.ResourceUnavailableException; +import com.cloud.network.IPAddressVO; +import com.cloud.network.LoadBalancerVMMapVO; +import com.cloud.network.LoadBalancerVO; +import com.cloud.network.NetworkManager; +import com.cloud.network.dao.FirewallRulesDao; +import com.cloud.network.dao.IPAddressDao; +import com.cloud.network.dao.LoadBalancerDao; +import com.cloud.network.dao.LoadBalancerVMMapDao; +import com.cloud.network.rules.FirewallRule; +import com.cloud.network.rules.LoadBalancer; +import com.cloud.network.rules.RulesManager; +import com.cloud.user.AccountManager; +import com.cloud.user.UserContext; +import com.cloud.uservm.UserVm; +import com.cloud.utils.component.Inject; +import com.cloud.utils.component.Manager; +import com.cloud.utils.db.DB; +import com.cloud.utils.db.Transaction; +import com.cloud.utils.exception.CloudRuntimeException; +import com.cloud.utils.net.Ip; +import com.cloud.utils.net.NetUtils; +import com.cloud.vm.Nic; +import com.cloud.vm.State; +import com.cloud.vm.UserVmVO; +import com.cloud.vm.dao.UserVmDao; + +@Local(value = { LoadBalancingRulesManager.class, LoadBalancingRulesService.class }) +public class LoadBalancingRulesManagerImpl implements LoadBalancingRulesManager, LoadBalancingRulesService, Manager { + private static final Logger s_logger = Logger.getLogger(LoadBalancingRulesManagerImpl.class); + + String _name; + + @Inject + NetworkManager _networkMgr; + @Inject + RulesManager _rulesMgr; + @Inject + AccountManager _accountMgr; + @Inject + IPAddressDao _ipAddressDao; + @Inject + FirewallRulesDao _rulesDao; + @Inject + LoadBalancerDao _lbDao; + @Inject + VlanDao _vlanDao; + @Inject + EventDao _eventDao; + @Inject + LoadBalancerVMMapDao _lb2VmMapDao; + @Inject UserVmDao _vmDao; + + @Override @DB + public boolean assignToLoadBalancer(long loadBalancerId, List instanceIds) { + UserContext caller = UserContext.current(); + + LoadBalancerVO loadBalancer = _lbDao.findById(loadBalancerId); + if (loadBalancer == null) { + throw new InvalidParameterValueException("Failed to assign to load balancer " + loadBalancerId + ", the load balancer was not found."); + } + + _accountMgr.checkAccess(caller.getAccount(), loadBalancer); + + List mappedInstances = _lb2VmMapDao.listByLoadBalancerId(loadBalancerId, false); + Set mappedInstanceIds = new HashSet(); + for (LoadBalancerVMMapVO mappedInstance : mappedInstances) { + mappedInstanceIds.add(Long.valueOf(mappedInstance.getInstanceId())); + } + + List vmsToAdd = new ArrayList(); + + for (Long instanceId : instanceIds) { + if (mappedInstanceIds.contains(instanceId)) { + s_logger.debug("VM " + instanceId + " is already mapped to load balancer."); + continue; + } + + UserVm vm = _vmDao.findById(instanceId); + if (vm == null || vm.getState() == State.Destroyed || vm.getState() == State.Expunging) { + throw new InvalidParameterValueException("Invalid instance id: " + instanceId); + } + + _accountMgr.checkAccess(caller.getAccount(), vm); + + if (vm.getAccountId() != loadBalancer.getAccountId()) { + throw new PermissionDeniedException("Cannot add virtual machines that do not belong to the same owner."); + } + + // Let's check to make sure the vm has a nic in the same network as the load balancing rule. + List nics = _networkMgr.getNics(vm); + Nic nicInSameNetwork = null; + for (Nic nic : nics) { + if (nic.getNetworkId() == loadBalancer.getNetworkId()) { + nicInSameNetwork = nic; + break; + } + } + + if (nicInSameNetwork == null) { + throw new InvalidParameterValueException("VM " + instanceId + " cannot be added because it doesn't belong in the same network."); + } + + if (s_logger.isDebugEnabled()) { + s_logger.debug("Adding " + vm + " to the load balancer pool"); + } + vmsToAdd.add(vm); + } + + Transaction txn = Transaction.currentTxn(); + txn.start(); + for (UserVm vm : vmsToAdd) { + LoadBalancerVMMapVO map = new LoadBalancerVMMapVO(loadBalancer.getId(), vm.getId(), true); + map = _lb2VmMapDao.persist(map); + } + + txn.commit(); + return true; + } + + + @Override @DB + public boolean removeFromLoadBalancer(long loadBalancerId, List instanceIds) { + UserContext caller = UserContext.current(); + + LoadBalancerVO loadBalancer = _lbDao.findById(Long.valueOf(loadBalancerId)); + if (loadBalancer == null) { + throw new InvalidParameterException("Invalid load balancer value: " + loadBalancerId); + } + + _accountMgr.checkAccess(caller.getAccount(), loadBalancer); + + _lb2VmMapDao.remove(loadBalancerId, instanceIds, null); + return true; + } + + @Override + public boolean deleteLoadBalancerRule(long loadBalancerId, boolean apply) { + UserContext caller = UserContext.current(); + + LoadBalancerVO lb = _lbDao.findById(loadBalancerId); + if (lb == null) { + throw new InvalidParameterException("Invalid load balancer value: " + loadBalancerId); + } + + _accountMgr.checkAccess(caller.getAccount(), lb); + + lb.setState(FirewallRule.State.Revoke); + + if (apply) { + try { + applyLoadBalancerConfig(loadBalancerId); + } catch (ResourceUnavailableException e) { + s_logger.warn("Unable to apply the load balancer config because resource is unavaliable.", e); + return false; + } + } + return true; + } + + @Override + public LoadBalancer createLoadBalancerRule(LoadBalancer lb) throws NetworkRuleConflictException { + UserContext caller = UserContext.current(); + + Ip srcIp = lb.getSourceIpAddress(); + + // make sure ip address exists + IPAddressVO ipAddr = _ipAddressDao.findById(srcIp.addr()); + if (ipAddr == null || ipAddr.getAllocated() == null || ipAddr.getAccountId() == null) { + throw new InvalidParameterValueException("Unable to create load balancer rule, invalid IP address " + srcIp); + } + + int srcPortStart = lb.getSourcePortStart(); + int srcPortEnd = lb.getSourcePortEnd(); + int defPortStart = lb.getDefaultPortStart(); + int defPortEnd = lb.getDefaultPortEnd(); + + if (!NetUtils.isValidPort(srcPortStart)) { + throw new InvalidParameterValueException("publicPort is an invalid value: " + srcPortStart); + } + if (!NetUtils.isValidPort(srcPortEnd)) { + throw new InvalidParameterValueException("Public port range is an invalid value: " + srcPortEnd); + } + if (srcPortStart > srcPortEnd) { + throw new InvalidParameterValueException("Public port range is an invalid value: " + srcPortStart + "-" + srcPortEnd); + } + if (!NetUtils.isValidPort(defPortStart)) { + throw new InvalidParameterValueException("privatePort is an invalid value: " + defPortStart); + } + if (!NetUtils.isValidPort(defPortEnd)) { + throw new InvalidParameterValueException("privatePort is an invalid value: " + defPortEnd); + } + if (defPortStart > defPortEnd) { + throw new InvalidParameterValueException("private port range is invalid: " + defPortStart + "-" + defPortEnd); + } + if ((lb.getAlgorithm() == null) || !NetUtils.isValidAlgorithm(lb.getAlgorithm())) { + throw new InvalidParameterValueException("Invalid algorithm: " + lb.getAlgorithm()); + } + + LoadBalancerVO newRule = new LoadBalancerVO(lb.getXid(), lb.getName(), lb.getDescription(), lb.getSourceIpAddress(), lb.getSourcePortEnd(), + lb.getDefaultPortStart(), lb.getAlgorithm(), lb.getNetworkId(), lb.getAccountId(), lb.getDomainId()); + + newRule = _lbDao.persist(newRule); + + boolean success = false; + try { + _rulesMgr.detectRulesConflict(newRule, ipAddr); + if (!_rulesDao.setStateToAdd(newRule)) { + throw new CloudRuntimeException("Unable to update the state to add for " + newRule); + } + + success = true; + return newRule; + } catch (Exception e) { + _lbDao.remove(newRule.getId()); + if (e instanceof NetworkRuleConflictException) { + throw (NetworkRuleConflictException) e; + } + + throw new CloudRuntimeException("Unable to add rule for " + newRule.getSourceIpAddress(), e); + } finally { + long userId = caller.getUserId(); + + EventVO event = new EventVO(); + event.setUserId(userId); + event.setAccountId(ipAddr.getAccountId()); + event.setType(EventTypes.EVENT_LOAD_BALANCER_CREATE); + + if (!success) { + event.setDescription("Failed to create load balancer " + lb.getName() + " on ip address " + srcIp + "[" + srcPortStart + "->" + + defPortStart + "]"); + event.setLevel(EventVO.LEVEL_ERROR); + } else { + event.setDescription("Successfully created load balancer " + lb.getName() + " on ip address " + srcIp + "[" + srcPortStart + "->" + + defPortStart + "]"); + String params = "id=" + newRule.getId() + "\ndcId=" + ipAddr.getDataCenterId(); + event.setParameters(params); + event.setLevel(EventVO.LEVEL_INFO); + } + _eventDao.persist(event); + } + } + + @Override + public boolean applyLoadBalancerConfig(long lbRuleId) throws ResourceUnavailableException { + return false; + } + + @Override + public boolean removeAllLoadBalanacers(Ip ip) { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean configure(String name, Map params) throws ConfigurationException { + _name = name; + return true; + } + + @Override + public boolean start() { + return true; + } + + @Override + public boolean stop() { + return true; + } + + @Override + public String getName() { + return _name; + } + + @Override + public LoadBalancer updateLoadBalancerRule(UpdateLoadBalancerRuleCmd cmd) { + // TODO Auto-generated method stub + return null; + } + +// @Override @DB +// public boolean removeFromLoadBalancer(RemoveFromLoadBalancerRuleCmd cmd) throws InvalidParameterValueException { +// +// Long userId = UserContext.current().getUserId(); +// Account account = UserContext.current().getAccount(); +// Long loadBalancerId = cmd.getId(); +// Long vmInstanceId = cmd.getVirtualMachineId(); +// List instanceIds = cmd.getVirtualMachineIds(); +// +// if ((vmInstanceId == null) && (instanceIds == null)) { +// throw new ServerApiException(BaseCmd.PARAM_ERROR, "No virtual machine id specified."); +// } +// +// // if a single instanceId was given, add it to the list so we can always just process the list if instanceIds +// if (instanceIds == null) { +// instanceIds = new ArrayList(); +// instanceIds.add(vmInstanceId); +// } +// +// if (userId == null) { +// userId = Long.valueOf(1); +// } +// +// LoadBalancerVO loadBalancer = _loadBalancerDao.findById(Long.valueOf(loadBalancerId)); +// +// if (loadBalancer == null) { +// throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to find load balancer rule with id " + loadBalancerId); +// } else if (account != null) { +// if (!isAdmin(account.getType()) && (loadBalancer.getAccountId() != account.getId())) { +// throw new ServerApiException(BaseCmd.PARAM_ERROR, "Account " + account.getAccountName() + " does not own load balancer rule " + loadBalancer.getName() + +// " (id:" + loadBalancer.getId() + ")"); +// } else if (!_domainDao.isChildDomain(account.getDomainId(), loadBalancer.getDomainId())) { +// throw new ServerApiException(BaseCmd.PARAM_ERROR, "Invalid load balancer rule id (" + loadBalancer.getId() + ") given, unable to remove virtual machine instances."); +// } +// } +// +// Transaction txn = Transaction.currentTxn(); +// LoadBalancerVO loadBalancerLock = null; +// boolean success = true; +// try { +// +// IPAddressVO ipAddress = _ipAddressDao.findById(loadBalancer.getIpAddress()); +// if (ipAddress == null) { +// return false; +// } +// +// DomainRouterVO router = _routerMgr.getRouter(ipAddress.getAccountId(), ipAddress.getDataCenterId()); +// if (router == null) { +// return false; +// } +// +// txn.start(); +// for (Long instanceId : instanceIds) { +// UserVm userVm = _userVmDao.findById(instanceId); +// if (userVm == null) { +// s_logger.warn("Unable to find virtual machine with id " + instanceId); +// throw new InvalidParameterValueException("Unable to find virtual machine with id " + instanceId); +// } +// PortForwardingRuleVO fwRule = _rulesDao.findByGroupAndPrivateIp(loadBalancerId, userVm.getGuestIpAddress(), false); +// if (fwRule != null) { +// fwRule.setEnabled(false); +// _rulesDao.update(fwRule.getId(), fwRule); +// } +// } +// +// List allLbRules = new ArrayList(); +// IPAddressVO ipAddr = _ipAddressDao.findById(loadBalancer.getIpAddress()); +// List ipAddrs = listPublicIpAddressesInVirtualNetwork(loadBalancer.getAccountId(), ipAddr.getDataCenterId(), null); +// for (IPAddressVO ipv : ipAddrs) { +// List rules = _rulesDao.listIPForwarding(ipv.getAddress(), false); +// allLbRules.addAll(rules); +// } +// +// updateFirewallRules(loadBalancer.getIpAddress(), allLbRules, router); +// +// // firewall rules are updated, lock the load balancer as mappings are updated +// loadBalancerLock = _loadBalancerDao.acquireInLockTable(loadBalancerId); +// if (loadBalancerLock == null) { +// s_logger.warn("removeFromLoadBalancer: failed to lock load balancer " + loadBalancerId + ", deleting mappings anyway..."); +// } +// +// // remove all the loadBalancer->VM mappings +// _loadBalancerVMMapDao.remove(loadBalancerId, instanceIds, Boolean.FALSE); +// +// // Save and create the event +// String description; +// String type = EventTypes.EVENT_NET_RULE_DELETE; +// String level = EventVO.LEVEL_INFO; +// +// for (PortForwardingRuleVO updatedRule : allLbRules) { +// if (!updatedRule.isEnabled()) { +// _rulesDao.remove(updatedRule.getId()); +// +// description = "deleted load balancer rule [" + updatedRule.getSourceIpAddress() + ":" + updatedRule.getSourcePort() + "]->[" +// + updatedRule.getDestinationIpAddress() + ":" + updatedRule.getDestinationPort() + "]" + " " + updatedRule.getProtocol(); +// +// EventUtils.saveEvent(userId, loadBalancer.getAccountId(), level, type, description); +// } +// } +// txn.commit(); +// } catch (Exception ex) { +// s_logger.warn("Failed to delete load balancing rule with exception: ", ex); +// success = false; +// txn.rollback(); +// } finally { +// if (loadBalancerLock != null) { +// _loadBalancerDao.releaseFromLockTable(loadBalancerId); +// } +// } +// return success; +// } +// +// @Override @DB +// public boolean deleteLoadBalancerRule(DeleteLoadBalancerRuleCmd cmd) throws InvalidParameterValueException, PermissionDeniedException{ +// Long loadBalancerId = cmd.getId(); +// Long userId = UserContext.current().getUserId(); +// Account account = UserContext.current().getAccount(); +// +// ///verify input parameters +// LoadBalancerVO loadBalancer = _loadBalancerDao.findById(loadBalancerId); +// if (loadBalancer == null) { +// throw new InvalidParameterValueException ("Unable to find load balancer rule with id " + loadBalancerId); +// } +// +// if (account != null) { +// if (!isAdmin(account.getType())) { +// if (loadBalancer.getAccountId() != account.getId()) { +// throw new PermissionDeniedException("Account " + account.getAccountName() + " does not own load balancer rule " + loadBalancer.getName() + " (id:" + loadBalancerId + "), permission denied"); +// } +// } else if (!_domainDao.isChildDomain(account.getDomainId(), loadBalancer.getDomainId())) { +// throw new PermissionDeniedException("Unable to delete load balancer rule " + loadBalancer.getName() + " (id:" + loadBalancerId + "), permission denied."); +// } +// } +// +// if (userId == null) { +// userId = Long.valueOf(1); +// } +// +// Transaction txn = Transaction.currentTxn(); +// LoadBalancerVO loadBalancerLock = null; +// try { +// +// IPAddressVO ipAddress = _ipAddressDao.findById(loadBalancer.getIpAddress()); +// if (ipAddress == null) { +// return false; +// } +// +// DomainRouterVO router = _routerMgr.getRouter(ipAddress.getAccountId(), ipAddress.getDataCenterId()); +// List fwRules = _firewallRulesDao.listByLoadBalancerId(loadBalancerId); +// +// txn.start(); +// +// if ((fwRules != null) && !fwRules.isEmpty()) { +// for (PortForwardingRuleVO fwRule : fwRules) { +// fwRule.setEnabled(false); +// _firewallRulesDao.update(fwRule.getId(), fwRule); +// } +// +// List allLbRules = new ArrayList(); +// List ipAddrs = listPublicIpAddressesInVirtualNetwork(loadBalancer.getAccountId(), ipAddress.getDataCenterId(), null); +// for (IPAddressVO ipv : ipAddrs) { +// List rules = _firewallRulesDao.listIPForwarding(ipv.getAddress(), false); +// allLbRules.addAll(rules); +// } +// +// updateFirewallRules(loadBalancer.getIpAddress(), allLbRules, router); +// +// // firewall rules are updated, lock the load balancer as the mappings are updated +// loadBalancerLock = _loadBalancerDao.acquireInLockTable(loadBalancerId); +// if (loadBalancerLock == null) { +// s_logger.warn("deleteLoadBalancer: failed to lock load balancer " + loadBalancerId + ", deleting mappings anyway..."); +// } +// +// // remove all loadBalancer->VM mappings +// List lbVmMap = _loadBalancerVMMapDao.listByLoadBalancerId(loadBalancerId); +// if (lbVmMap != null && !lbVmMap.isEmpty()) { +// for (LoadBalancerVMMapVO lb : lbVmMap) { +// _loadBalancerVMMapDao.remove(lb.getId()); +// } +// } +// +// // Save and create the event +// String description; +// String type = EventTypes.EVENT_NET_RULE_DELETE; +// String ruleName = "load balancer"; +// String level = EventVO.LEVEL_INFO; +// Account accountOwner = _accountDao.findById(loadBalancer.getAccountId()); +// +// for (PortForwardingRuleVO updatedRule : fwRules) { +// _firewallRulesDao.remove(updatedRule.getId()); +// +// description = "deleted " + ruleName + " rule [" + updatedRule.getSourceIpAddress() + ":" + updatedRule.getSourcePort() + "]->[" +// + updatedRule.getDestinationIpAddress() + ":" + updatedRule.getDestinationPort() + "]" + " " + updatedRule.getProtocol(); +// +// EventUtils.saveEvent(userId, accountOwner.getId(), level, type, description); +// } +// } +// +// txn.commit(); +// } catch (Exception ex) { +// txn.rollback(); +// s_logger.error("Unexpected exception deleting load balancer " + loadBalancerId, ex); +// return false; +// } finally { +// if (loadBalancerLock != null) { +// _loadBalancerDao.releaseFromLockTable(loadBalancerId); +// } +// } +// +// boolean success = _loadBalancerDao.remove(loadBalancerId); +// +// // save off an event for removing the load balancer +// EventVO event = new EventVO(); +// event.setUserId(userId); +// event.setAccountId(loadBalancer.getAccountId()); +// event.setType(EventTypes.EVENT_LOAD_BALANCER_DELETE); +// if (success) { +// event.setLevel(EventVO.LEVEL_INFO); +// String params = "id="+loadBalancer.getId(); +// event.setParameters(params); +// event.setDescription("Successfully deleted load balancer " + loadBalancer.getName() + " (id:" + loadBalancer.getId() + ")"); +// } else { +// event.setLevel(EventVO.LEVEL_ERROR); +// event.setDescription("Failed to delete load balancer " + loadBalancer.getName() + " (id:" + loadBalancer.getId() + ")"); +// } +// _eventDao.persist(event); +// return success; +// } +// @Override @DB +// public boolean assignToLoadBalancer(AssignToLoadBalancerRuleCmd cmd) throws NetworkRuleConflictException { +// Long loadBalancerId = cmd.getLoadBalancerId(); +// Long instanceIdParam = cmd.getVirtualMachineId(); +// List instanceIds = cmd.getVirtualMachineIds(); +// +// if ((instanceIdParam == null) && (instanceIds == null)) { +// throw new InvalidParameterValueException("Unable to assign to load balancer " + loadBalancerId + ", no instance id is specified."); +// } +// +// if ((instanceIds == null) && (instanceIdParam != null)) { +// instanceIds = new ArrayList(); +// instanceIds.add(instanceIdParam); +// } +// +// // FIXME: We should probably lock the load balancer here to prevent multiple updates... +// LoadBalancerVO loadBalancer = _loadBalancerDao.findById(loadBalancerId); +// if (loadBalancer == null) { +// throw new InvalidParameterValueException("Failed to assign to load balancer " + loadBalancerId + ", the load balancer was not found."); +// } +// +// +// // Permission check... +// Account account = UserContext.current().getAccount(); +// if (account != null) { +// if (account.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN) { +// if (!_domainDao.isChildDomain(account.getDomainId(), loadBalancer.getDomainId())) { +// throw new PermissionDeniedException("Failed to assign to load balancer " + loadBalancerId + ", permission denied."); +// } +// } else if (account.getType() != Account.ACCOUNT_TYPE_ADMIN && account.getId() != loadBalancer.getAccountId()) { +// throw new PermissionDeniedException("Failed to assign to load balancer " + loadBalancerId + ", permission denied."); +// } +// } +// +// Transaction txn = Transaction.currentTxn(); +// List firewallRulesToApply = new ArrayList(); +// long accountId = 0; +// DomainRouterVO router = null; +// +// List mappedInstances = _loadBalancerVMMapDao.listByLoadBalancerId(loadBalancerId, false); +// Set mappedInstanceIds = new HashSet(); +// if (mappedInstances != null) { +// for (LoadBalancerVMMapVO mappedInstance : mappedInstances) { +// mappedInstanceIds.add(Long.valueOf(mappedInstance.getInstanceId())); +// } +// } +// +// List finalInstanceIds = new ArrayList(); +// for (Long instanceId : instanceIds) { +// if (mappedInstanceIds.contains(instanceId)) { +// continue; +// } else { +// finalInstanceIds.add(instanceId); +// } +// +// UserVmVO userVm = _vmDao.findById(instanceId); +// if (userVm == null) { +// s_logger.warn("Unable to find virtual machine with id " + instanceId); +// throw new InvalidParameterValueException("Unable to find virtual machine with id " + instanceId); +// } else { +// // sanity check that the vm can be applied to the load balancer +// ServiceOfferingVO offering = _serviceOfferingDao.findById(userVm.getServiceOfferingId()); +// if ((offering == null) || !GuestIpType.Virtualized.equals(offering.getGuestIpType())) { +// // we previously added these instanceIds to the loadBalancerVMMap, so remove them here as we are rejecting the API request +// // without actually modifying the load balancer +// _loadBalancerVMMapDao.remove(loadBalancerId, instanceIds, Boolean.TRUE); +// +// if (s_logger.isDebugEnabled()) { +// s_logger.debug("Unable to add virtual machine " + userVm.toString() + " to load balancer " + loadBalancerId + ", bad network type (" + ((offering == null) ? "null" : offering.getGuestIpType()) + ")"); +// } +// +// throw new InvalidParameterValueException("Unable to add virtual machine " + userVm.toString() + " to load balancer " + loadBalancerId + ", bad network type (" + ((offering == null) ? "null" : offering.getGuestIpType()) + ")"); +// } +// } +// +// if (accountId == 0) { +// accountId = userVm.getAccountId(); +// } else if (accountId != userVm.getAccountId()) { +// s_logger.warn("guest vm " + userVm.getHostName() + " (id:" + userVm.getId() + ") belongs to account " + userVm.getAccountId() +// + ", previous vm in list belongs to account " + accountId); +// throw new InvalidParameterValueException("guest vm " + userVm.getHostName() + " (id:" + userVm.getId() + ") belongs to account " + userVm.getAccountId() +// + ", previous vm in list belongs to account " + accountId); +// } +// +// DomainRouterVO nextRouter = null; +// if (userVm.getDomainRouterId() != null) { +// nextRouter = _routerMgr.getRouter(userVm.getDomainRouterId()); +// } +// if (nextRouter == null) { +// s_logger.warn("Unable to find router (" + userVm.getDomainRouterId() + ") for virtual machine with id " + instanceId); +// throw new InvalidParameterValueException("Unable to find router (" + userVm.getDomainRouterId() + ") for virtual machine with id " + instanceId); +// } +// +// if (router == null) { +// router = nextRouter; +// +// // Make sure owner of router is owner of load balancer. Since we are already checking that all VMs belong to the same router, by checking router +// // ownership once we'll make sure all VMs belong to the owner of the load balancer. +// if (router.getAccountId() != loadBalancer.getAccountId()) { +// throw new InvalidParameterValueException("guest vm " + userVm.getHostName() + " (id:" + userVm.getId() + ") does not belong to the owner of load balancer " + +// loadBalancer.getName() + " (owner is account id " + loadBalancer.getAccountId() + ")"); +// } +// } else if (router.getId() != nextRouter.getId()) { +// throw new InvalidParameterValueException("guest vm " + userVm.getHostName() + " (id:" + userVm.getId() + ") belongs to router " + nextRouter.getHostName() +// + ", previous vm in list belongs to router " + router.getHostName()); +// } +// +// // check for ip address/port conflicts by checking exising forwarding and loadbalancing rules +// String ipAddress = loadBalancer.getIpAddress(); +// String privateIpAddress = userVm.getGuestIpAddress(); +// List existingRulesOnPubIp = _rulesDao.listIPForwarding(ipAddress); +// +// if (existingRulesOnPubIp != null) { +// for (PortForwardingRuleVO fwRule : existingRulesOnPubIp) { +// if (!( (fwRule.isForwarding() == false) && +// (fwRule.getGroupId() != null) && +// (fwRule.getGroupId() == loadBalancer.getId()) )) { +// // if the rule is not for the current load balancer, check to see if the private IP is our target IP, +// // in which case we have a conflict +// if (fwRule.getSourcePort().equals(loadBalancer.getPublicPort())) { +// throw new NetworkRuleConflictException("An existing port forwarding service rule for " + ipAddress + ":" + loadBalancer.getPublicPort() +// + " exists, found while trying to apply load balancer " + loadBalancer.getName() + " (id:" + loadBalancer.getId() + ") to instance " +// + userVm.getHostName() + "."); +// } +// } else if (fwRule.getDestinationIpAddress().equals(privateIpAddress) && fwRule.getDestinationPort().equals(loadBalancer.getPrivatePort()) && fwRule.isEnabled()) { +// // for the current load balancer, don't add the same instance to the load balancer more than once +// continue; +// } +// } +// } +// +// PortForwardingRuleVO newFwRule = new PortForwardingRuleVO(); +// newFwRule.setAlgorithm(loadBalancer.getAlgorithm()); +// newFwRule.setEnabled(true); +// newFwRule.setForwarding(false); +// newFwRule.setPrivatePort(loadBalancer.getPrivatePort()); +// newFwRule.setPublicPort(loadBalancer.getPublicPort()); +// newFwRule.setPublicIpAddress(loadBalancer.getIpAddress()); +// newFwRule.setPrivateIpAddress(userVm.getGuestIpAddress()); +// newFwRule.setGroupId(loadBalancer.getId()); +// +// firewallRulesToApply.add(newFwRule); +// } +// +// // if there's no work to do, bail out early rather than reconfiguring the proxy with the existing rules +// if (firewallRulesToApply.isEmpty()) { +// return true; +// } +// +// //Sync on domR +// if(router == null){ +// throw new InvalidParameterValueException("Failed to assign to load balancer " + loadBalancerId + ", the domain router was not found at " + loadBalancer.getIpAddress()); +// } +// else{ +// cmd.synchronizeCommand("Router", router.getId()); +// } +// +// IPAddressVO ipAddr = _ipAddressDao.findById(loadBalancer.getIpAddress()); +// List ipAddrs = listPublicIpAddressesInVirtualNetwork(accountId, ipAddr.getDataCenterId(), null); +// for (IPAddressVO ipv : ipAddrs) { +// List rules = _rulesDao.listIpForwardingRulesForLoadBalancers(ipv.getAddress()); +// firewallRulesToApply.addAll(rules); +// } +// +// txn.start(); +// +// List updatedRules = null; +// if (router.getState().equals(State.Starting)) { +// // Starting is a special case...if the router is starting that means the IP address hasn't yet been assigned to the domR and the update firewall rules script will fail. +// // In this case, just store the rules and they will be applied when the router state is resent (after the router is started). +// updatedRules = firewallRulesToApply; +// } else { +// updatedRules = updateFirewallRules(loadBalancer.getIpAddress(), firewallRulesToApply, router); +// } +// +// // Save and create the event +// String description; +// String type = EventTypes.EVENT_NET_RULE_ADD; +// String ruleName = "load balancer"; +// String level = EventVO.LEVEL_INFO; +// +// LoadBalancerVO loadBalancerLock = null; +// try { +// loadBalancerLock = _loadBalancerDao.acquireInLockTable(loadBalancerId); +// if (loadBalancerLock == null) { +// s_logger.warn("assignToLoadBalancer: Failed to lock load balancer " + loadBalancerId + ", proceeding with updating loadBalancerVMMappings..."); +// } +// if ((updatedRules != null) && (updatedRules.size() == firewallRulesToApply.size())) { +// // flag the instances as mapped to the load balancer +// for (Long addedInstanceId : finalInstanceIds) { +// LoadBalancerVMMapVO mappedVM = new LoadBalancerVMMapVO(loadBalancerId, addedInstanceId); +// _loadBalancerVMMapDao.persist(mappedVM); +// } +// +// /* We used to add these instances as pending when the API command is received on the server, and once they were applied, +// * the pending status was removed. In the 2.2 API framework, this is no longer done and instead the new mappings just +// * need to be persisted +// List pendingMappedVMs = _loadBalancerVMMapDao.listByLoadBalancerId(loadBalancerId, true); +// for (LoadBalancerVMMapVO pendingMappedVM : pendingMappedVMs) { +// if (instanceIds.contains(pendingMappedVM.getInstanceId())) { +// LoadBalancerVMMapVO pendingMappedVMForUpdate = _loadBalancerVMMapDao.createForUpdate(); +// pendingMappedVMForUpdate.setPending(false); +// _loadBalancerVMMapDao.update(pendingMappedVM.getId(), pendingMappedVMForUpdate); +// } +// } +// */ +// +// for (PortForwardingRuleVO updatedRule : updatedRules) { +// _rulesDao.persist(updatedRule); +// +// description = "created new " + ruleName + " rule [" + updatedRule.getSourceIpAddress() + ":" +// + updatedRule.getSourcePort() + "]->[" + updatedRule.getDestinationIpAddress() + ":" +// + updatedRule.getDestinationPort() + "]" + " " + updatedRule.getProtocol(); +// +// EventUtils.saveEvent(UserContext.current().getUserId(), loadBalancer.getAccountId(), level, type, description); +// } +// txn.commit(); +// return true; +// } else { +// // Remove the instanceIds from the load balancer since there was a failure. Make sure to commit the +// // transaction here, otherwise the act of throwing the internal error exception will cause this +// // remove operation to be rolled back. +// _loadBalancerVMMapDao.remove(loadBalancerId, instanceIds, null); +// txn.commit(); +// +// s_logger.warn("Failed to apply load balancer " + loadBalancer.getName() + " (id:" + loadBalancerId + ") to guest virtual machines " + StringUtils.join(instanceIds, ",")); +// throw new CloudRuntimeException("Failed to apply load balancer " + loadBalancer.getName() + " (id:" + loadBalancerId + ") to guest virtual machine " + StringUtils.join(instanceIds, ",")); +// } +// } finally { +// if (loadBalancerLock != null) { +// _loadBalancerDao.releaseFromLockTable(loadBalancerId); +// } +// } +// } + + +// @Override @DB +// public LoadBalancer createLoadBalancerRule(CreateLoadBalancerRuleCmd cmd) throws InvalidParameterValueException, PermissionDeniedException { +// String publicIp = cmd.getPublicIp(); +// +// // make sure ip address exists +// IPAddressVO ipAddr = _ipAddressDao.findById(cmd.getPublicIp()); +// if (ipAddr == null) { +// throw new InvalidParameterValueException("Unable to create load balancer rule, invalid IP address " + publicIp); +// } +// +// VlanVO vlan = _vlanDao.findById(ipAddr.getVlanDbId()); +// if (vlan != null) { +// if (!VlanType.VirtualNetwork.equals(vlan.getVlanType())) { +// throw new InvalidParameterValueException("Unable to create load balancer rule for IP address " + publicIp + ", only VirtualNetwork type IP addresses can be used for load balancers."); +// } +// } // else ERROR? +// +// // Verify input parameters +// if ((ipAddr.getAccountId() == null) || (ipAddr.getAllocated() == null)) { +// throw new InvalidParameterValueException("Unable to create load balancer rule, cannot find account owner for ip " + publicIp); +// } +// +// Account account = UserContext.current().getAccount(); +// if (account != null) { +// if ((account.getType() == Account.ACCOUNT_TYPE_ADMIN) || (account.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN)) { +// if (!_domainDao.isChildDomain(account.getDomainId(), ipAddr.getDomainId())) { +// throw new PermissionDeniedException("Unable to create load balancer rule on IP address " + publicIp + ", permission denied."); +// } +// } else if (account.getId() != ipAddr.getAccountId().longValue()) { +// throw new PermissionDeniedException("Unable to create load balancer rule, account " + account.getAccountName() + " doesn't own ip address " + publicIp); +// } +// } +// +// String loadBalancerName = cmd.getLoadBalancerRuleName(); +// LoadBalancerVO existingLB = _loadBalancerDao.findByAccountAndName(ipAddr.getAccountId(), loadBalancerName); +// if (existingLB != null) { +// throw new InvalidParameterValueException("Unable to create load balancer rule, an existing load balancer rule with name " + loadBalancerName + " already exists."); +// } +// +// // validate params +// String publicPort = cmd.getPublicPort(); +// String privatePort = cmd.getPrivatePort(); +// String algorithm = cmd.getAlgorithm(); +// +// if (!NetUtils.isValidPort(publicPort)) { +// throw new InvalidParameterValueException("publicPort is an invalid value"); +// } +// if (!NetUtils.isValidPort(privatePort)) { +// throw new InvalidParameterValueException("privatePort is an invalid value"); +// } +// if ((algorithm == null) || !NetUtils.isValidAlgorithm(algorithm)) { +// throw new InvalidParameterValueException("Invalid algorithm"); +// } +// +// boolean locked = false; +// try { +// LoadBalancerVO exitingLB = _loadBalancerDao.findByIpAddressAndPublicPort(publicIp, publicPort); +// if (exitingLB != null) { +// throw new InvalidParameterValueException("IP Address/public port already load balanced by an existing load balancer rule"); +// } +// +// List existingFwRules = _rulesDao.listIPForwarding(publicIp, publicPort, true); +// if ((existingFwRules != null) && !existingFwRules.isEmpty()) { +// throw new InvalidParameterValueException("IP Address (" + publicIp + ") and port (" + publicPort + ") already in use"); +// } +// +// ipAddr = _ipAddressDao.acquireInLockTable(publicIp); +// if (ipAddr == null) { +// throw new PermissionDeniedException("User does not own ip address " + publicIp); +// } +// +// locked = true; +// +// LoadBalancerVO loadBalancer = new LoadBalancerVO(loadBalancerName, cmd.getDescription(), ipAddr.getAccountId(), publicIp, publicPort, privatePort, algorithm); +// loadBalancer = _loadBalancerDao.persist(loadBalancer); +// Long id = loadBalancer.getId(); +// +// // Save off information for the event that the security group was applied +// Long userId = UserContext.current().getUserId(); +// if (userId == null) { +// userId = Long.valueOf(User.UID_SYSTEM); +// } +// +// EventVO event = new EventVO(); +// event.setUserId(userId); +// event.setAccountId(ipAddr.getAccountId()); +// event.setType(EventTypes.EVENT_LOAD_BALANCER_CREATE); +// +// if (id == null) { +// event.setDescription("Failed to create load balancer " + loadBalancer.getName() + " on ip address " + publicIp + "[" + publicPort + "->" + privatePort + "]"); +// event.setLevel(EventVO.LEVEL_ERROR); +// } else { +// event.setDescription("Successfully created load balancer " + loadBalancer.getName() + " on ip address " + publicIp + "[" + publicPort + "->" + privatePort + "]"); +// String params = "id="+loadBalancer.getId()+"\ndcId="+ipAddr.getDataCenterId(); +// event.setParameters(params); +// event.setLevel(EventVO.LEVEL_INFO); +// } +// _eventDao.persist(event); +// +// return _loadBalancerDao.findById(id); +// } finally { +// if (locked) { +// _ipAddressDao.releaseFromLockTable(publicIp); +// } +// } +// } + +// @Override +// public boolean updateLoadBalancerRules(final List fwRules, final DomainRouterVO router, Long hostId) { +// +// for (PortForwardingRuleVO rule : fwRules) { +// // Determine the the VLAN ID and netmask of the rule's public IP address +// IPAddressVO ip = _ipAddressDao.findById(rule.getSourceIpAddress()); +// VlanVO vlan = _vlanDao.findById(new Long(ip.getVlanDbId())); +// String vlanNetmask = vlan.getVlanNetmask(); +// +// rule.setVlanNetmask(vlanNetmask); +// } +// +// final LoadBalancerConfigurator cfgrtr = new HAProxyConfigurator(); +// final String [] cfg = cfgrtr.generateConfiguration(fwRules); +// final String [][] addRemoveRules = cfgrtr.generateFwRules(fwRules); +// final LoadBalancerCfgCommand cmd = new LoadBalancerCfgCommand(cfg, addRemoveRules, router.getInstanceName(), router.getPrivateIpAddress()); +// final Answer ans = _agentMgr.easySend(hostId, cmd); +// if (ans == null) { +// return false; +// } else { +// return ans.getResult(); +// } +// } +// @Override @DB +// public LoadBalancerVO updateLoadBalancerRule(UpdateLoadBalancerRuleCmd cmd) throws InvalidParameterValueException, PermissionDeniedException{ +// Long loadBalancerId = cmd.getId(); +// String privatePort = cmd.getPrivatePort(); +// String algorithm = cmd.getAlgorithm(); +// String name = cmd.getLoadBalancerName(); +// String description = cmd.getDescription(); +// Account account = UserContext.current().getAccount(); +// +// //Verify input parameters +// LoadBalancerVO loadBalancer = _loadBalancerDao.findById(loadBalancerId); +// if (loadBalancer == null) { +// throw new InvalidParameterValueException("Unable to find load balancer rule " + loadBalancerId + " for update."); +// } +// +// // make sure the name's not already in use +// if (name != null) { +// LoadBalancerVO existingLB = _loadBalancerDao.findByAccountAndName(loadBalancer.getAccountId(), name); +// if ((existingLB != null) && (existingLB.getId() != loadBalancer.getId())) { +// throw new InvalidParameterValueException("Unable to update load balancer " + loadBalancer.getName() + " with new name " + name + ", the name is already in use."); +// } +// } +// +// Account lbOwner = _accountDao.findById(loadBalancer.getAccountId()); +// if (lbOwner == null) { +// throw new InvalidParameterValueException("Unable to update load balancer rule, cannot find owning account"); +// } +// +// Long accountId = lbOwner.getId(); +// if (account != null) { +// if (!isAdmin(account.getType())) { +// if (account.getId() != accountId.longValue()) { +// throw new PermissionDeniedException("Unable to update load balancer rule, permission denied"); +// } +// } else if (!_domainDao.isChildDomain(account.getDomainId(), lbOwner.getDomainId())) { +// throw new PermissionDeniedException("Unable to update load balancer rule, permission denied."); +// } +// } +// +// String updatedPrivatePort = ((privatePort == null) ? loadBalancer.getPrivatePort() : privatePort); +// String updatedAlgorithm = ((algorithm == null) ? loadBalancer.getAlgorithm() : algorithm); +// String updatedName = ((name == null) ? loadBalancer.getName() : name); +// String updatedDescription = ((description == null) ? loadBalancer.getDescription() : description); +// +// Transaction txn = Transaction.currentTxn(); +// try { +// txn.start(); +// loadBalancer.setPrivatePort(updatedPrivatePort); +// loadBalancer.setAlgorithm(updatedAlgorithm); +// loadBalancer.setName(updatedName); +// loadBalancer.setDescription(updatedDescription); +// _loadBalancerDao.update(loadBalancer.getId(), loadBalancer); +// +// List fwRules = _firewallRulesDao.listByLoadBalancerId(loadBalancer.getId()); +// if ((fwRules != null) && !fwRules.isEmpty()) { +// for (PortForwardingRuleVO fwRule : fwRules) { +// fwRule.setPrivatePort(updatedPrivatePort); +// fwRule.setAlgorithm(updatedAlgorithm); +// _firewallRulesDao.update(fwRule.getId(), fwRule); +// } +// } +// txn.commit(); +// } catch (RuntimeException ex) { +// s_logger.warn("Unhandled exception trying to update load balancer rule", ex); +// txn.rollback(); +// throw ex; +// } finally { +// txn.close(); +// } +// +// // now that the load balancer has been updated, reconfigure the HA Proxy on the router with all the LB rules +// List allLbRules = new ArrayList(); +// IPAddressVO ipAddress = _ipAddressDao.findById(loadBalancer.getIpAddress()); +// List ipAddrs = listPublicIpAddressesInVirtualNetwork(loadBalancer.getAccountId(), ipAddress.getDataCenterId(), null); +// for (IPAddressVO ipv : ipAddrs) { +// List rules = _firewallRulesDao.listIPForwarding(ipv.getAddress(), false); +// allLbRules.addAll(rules); +// } +// +// IPAddressVO ip = _ipAddressDao.findById(loadBalancer.getIpAddress()); +// DomainRouterVO router = _routerMgr.getRouter(ip.getAccountId(), ip.getDataCenterId()); +// updateFirewallRules(loadBalancer.getIpAddress(), allLbRules, router); +// return _loadBalancerDao.findById(loadBalancer.getId()); +// } + + @Override + public List listLoadBalancerInstances(ListLoadBalancerRuleInstancesCmd cmd) throws PermissionDeniedException { +// Account account = UserContext.current().getAccount(); +// Long loadBalancerId = cmd.getId(); +// Boolean applied = cmd.isApplied(); +// +// if (applied == null) { +// applied = Boolean.TRUE; +// } +// +// LoadBalancerVO loadBalancer = _loadBalancerDao.findById(loadBalancerId); +// if (loadBalancer == null) { +// return null; +// } +// +// if (account != null) { +// long lbAcctId = loadBalancer.getAccountId(); +// if (isAdmin(account.getType())) { +// Account userAccount = _accountDao.findById(lbAcctId); +// if (!_domainDao.isChildDomain(account.getDomainId(), userAccount.getDomainId())) { +// throw new PermissionDeniedException("Invalid load balancer rule id (" + loadBalancerId + ") given, unable to list load balancer instances."); +// } +// } else if (account.getId() != lbAcctId) { +// throw new PermissionDeniedException("Unable to list load balancer instances, account " + account.getAccountName() + " does not own load balancer rule " + loadBalancer.getName()); +// } +// } +// +// List loadBalancerInstances = new ArrayList(); +// List vmLoadBalancerMappings = null; +// if (applied) { +// // List only the instances that have actually been applied to the load balancer (pending is false). +// vmLoadBalancerMappings = _loadBalancerVMMapDao.listByLoadBalancerId(loadBalancerId, false); +// } else { +// // List all instances applied, even pending ones that are currently being assigned, so that the semantics +// // of "what instances can I apply to this load balancer" are maintained. +// vmLoadBalancerMappings = _loadBalancerVMMapDao.listByLoadBalancerId(loadBalancerId); +// } +// List appliedInstanceIdList = new ArrayList(); +// if ((vmLoadBalancerMappings != null) && !vmLoadBalancerMappings.isEmpty()) { +// for (LoadBalancerVMMapVO vmLoadBalancerMapping : vmLoadBalancerMappings) { +// appliedInstanceIdList.add(vmLoadBalancerMapping.getInstanceId()); +// } +// } +// +// IPAddressVO addr = _publicIpAddressDao.findById(loadBalancer.getIpAddress()); +// List userVms = _userVmDao.listVirtualNetworkInstancesByAcctAndZone(loadBalancer.getAccountId(), addr.getDataCenterId()); +// +// for (UserVmVO userVm : userVms) { +// // if the VM is destroyed, being expunged, in an error state, or in an unknown state, skip it +// switch (userVm.getState()) { +// case Destroyed: +// case Expunging: +// case Error: +// case Unknown: +// continue; +// } +// +// boolean isApplied = appliedInstanceIdList.contains(userVm.getId()); +// if (!applied && !isApplied) { +// loadBalancerInstances.add(userVm); +// } else if (applied && isApplied) { +// loadBalancerInstances.add(userVm); +// } +// } +// +// return loadBalancerInstances; + return null; + } + + @Override + public List searchForLoadBalancers(ListLoadBalancerRulesCmd cmd) throws InvalidParameterValueException, PermissionDeniedException { + // do some parameter validation +// Account account = UserContext.current().getAccount(); +// String accountName = cmd.getAccountName(); +// Long domainId = cmd.getDomainId(); +// Long accountId = null; +// Account ipAddressOwner = null; +// String ipAddress = cmd.getPublicIp(); +// +// if (ipAddress != null) { +// IPAddressVO ipAddressVO = _publicIpAddressDao.findById(ipAddress); +// if (ipAddressVO == null) { +// throw new InvalidParameterValueException("Unable to list load balancers, IP address " + ipAddress + " not found."); +// } else { +// Long ipAddrAcctId = ipAddressVO.getAccountId(); +// if (ipAddrAcctId == null) { +// throw new InvalidParameterValueException("Unable to list load balancers, IP address " + ipAddress + " is not associated with an account."); +// } +// ipAddressOwner = _accountDao.findById(ipAddrAcctId); +// } +// } +// +// if ((account == null) || isAdmin(account.getType())) { +// // validate domainId before proceeding +// if (domainId != null) { +// if ((account != null) && !_domainDao.isChildDomain(account.getDomainId(), domainId)) { +// throw new PermissionDeniedException("Unable to list load balancers for domain id " + domainId + ", permission denied."); +// } +// if (accountName != null) { +// Account userAccount = _accountDao.findActiveAccount(accountName, domainId); +// if (userAccount != null) { +// accountId = userAccount.getId(); +// } else { +// throw new InvalidParameterValueException("Unable to find account " + accountName + " in domain " + domainId); +// } +// } +// } else if (ipAddressOwner != null) { +// if ((account != null) && !_domainDao.isChildDomain(account.getDomainId(), ipAddressOwner.getDomainId())) { +// throw new PermissionDeniedException("Unable to list load balancer rules for IP address " + ipAddress + ", permission denied."); +// } +// } else { +// domainId = ((account == null) ? DomainVO.ROOT_DOMAIN : account.getDomainId()); +// } +// } else { +// accountId = account.getId(); +// } +// +// Filter searchFilter = new Filter(LoadBalancerVO.class, "ipAddress", true, cmd.getStartIndex(), cmd.getPageSizeVal()); +// +// Object id = cmd.getId(); +// Object name = cmd.getLoadBalancerRuleName(); +// Object keyword = cmd.getKeyword(); +// Object instanceId = cmd.getVirtualMachineId(); +// +// SearchBuilder sb = _loadBalancerDao.createSearchBuilder(); +// sb.and("id", sb.entity().getId(), SearchCriteria.Op.EQ); +// sb.and("nameEQ", sb.entity().getName(), SearchCriteria.Op.EQ); +// sb.and("accountId", sb.entity().getAccountId(), SearchCriteria.Op.EQ); +// sb.and("ipAddress", sb.entity().getIpAddress(), SearchCriteria.Op.EQ); +// +// if ((accountId == null) && (domainId != null)) { +// // if accountId isn't specified, we can do a domain match for the admin case +// SearchBuilder domainSearch = _domainDao.createSearchBuilder(); +// domainSearch.and("path", domainSearch.entity().getPath(), SearchCriteria.Op.LIKE); +// sb.join("domainSearch", domainSearch, sb.entity().getDomainId(), domainSearch.entity().getId(), JoinBuilder.JoinType.INNER); +// } +// +// if (instanceId != null) { +// SearchBuilder lbVMSearch = _loadBalancerVMMapDao.createSearchBuilder(); +// lbVMSearch.and("instanceId", lbVMSearch.entity().getInstanceId(), SearchCriteria.Op.EQ); +// sb.join("lbVMSearch", lbVMSearch, sb.entity().getId(), lbVMSearch.entity().getLoadBalancerId(), JoinBuilder.JoinType.INNER); +// } +// +// SearchCriteria sc = sb.create(); +// if (keyword != null) { +// SearchCriteria ssc = _loadBalancerDao.createSearchCriteria(); +// ssc.addOr("name", SearchCriteria.Op.LIKE, "%" + keyword + "%"); +// ssc.addOr("description", SearchCriteria.Op.LIKE, "%" + keyword + "%"); +// +// sc.addAnd("name", SearchCriteria.Op.SC, ssc); +// } +// +// if (name != null) { +// sc.setParameters("nameEQ", name); +// } +// +// if (id != null) { +// sc.setParameters("id", id); +// } +// +// if (ipAddress != null) { +// sc.setParameters("ipAddress", ipAddress); +// } +// +// if (accountId != null) { +// sc.setParameters("accountId", accountId); +// } else if (domainId != null) { +// DomainVO domain = _domainDao.findById(domainId); +// sc.setJoinParameters("domainSearch", "path", domain.getPath() + "%"); +// } +// +// if (instanceId != null) { +// sc.setJoinParameters("lbVMSearch", "instanceId", instanceId); +// } +// +// return _loadBalancerDao.search(sc, searchFilter); + return null; + } + +// @Override +// public LoadBalancerVO findLoadBalancer(Long accountId, String name) { +// SearchCriteria sc = _loadBalancerDao.createSearchCriteria(); +// sc.addAnd("accountId", SearchCriteria.Op.EQ, accountId); +// sc.addAnd("name", SearchCriteria.Op.EQ, name); +// List loadBalancers = _loadBalancerDao.search(sc, null); +// if ((loadBalancers != null) && !loadBalancers.isEmpty()) { +// return loadBalancers.get(0); +// } +// return null; +// } + + +} diff --git a/server/src/com/cloud/network/router/DomainRouterManagerImpl.java b/server/src/com/cloud/network/router/DomainRouterManagerImpl.java index 1206f070a56..432877708c6 100644 --- a/server/src/com/cloud/network/router/DomainRouterManagerImpl.java +++ b/server/src/com/cloud/network/router/DomainRouterManagerImpl.java @@ -105,7 +105,6 @@ import com.cloud.host.dao.HostDao; import com.cloud.hypervisor.Hypervisor; import com.cloud.hypervisor.Hypervisor.HypervisorType; import com.cloud.network.DomainRouterService; -import com.cloud.network.FirewallRuleVO; import com.cloud.network.IPAddressVO; import com.cloud.network.Network; import com.cloud.network.NetworkManager; @@ -123,6 +122,7 @@ import com.cloud.network.dao.NetworkRuleConfigDao; import com.cloud.network.dao.RemoteAccessVpnDao; import com.cloud.network.dao.VpnUserDao; import com.cloud.network.router.VirtualRouter.Role; +import com.cloud.network.rules.PortForwardingRuleVO; import com.cloud.offering.NetworkOffering; import com.cloud.offerings.NetworkOfferingVO; import com.cloud.offerings.dao.NetworkOfferingDao; @@ -272,10 +272,11 @@ public class DomainRouterManagerImpl implements DomainRouterManager, DomainRoute ModifySshKeysCommand cmd = new ModifySshKeysCommand(pubKey, prvKey); final Answer answer = _agentMgr.easySend(hostId, cmd); - if (answer != null) - return true; - else - return false; + if (answer != null) { + return true; + } else { + return false; + } } @Override @@ -297,8 +298,9 @@ public class DomainRouterManagerImpl implements DomainRouterManager, DomainRoute if (pod == null) { throw new ConcurrentOperationException("Unable to acquire lock on pod " + podId ); } - if(s_logger.isDebugEnabled()) - s_logger.debug("Lock on pod " + podId + " is acquired"); + if(s_logger.isDebugEnabled()) { + s_logger.debug("Lock on pod " + podId + " is acquired"); + } final long id = _routerDao.getNextInSequence(Long.class, "id"); final String[] macAddresses = _dcDao.getNextAvailableMacAddressPair(dc.getId()); @@ -407,8 +409,9 @@ public class DomainRouterManagerImpl implements DomainRouterManager, DomainRoute _routerDao.releaseFromLockTable(id); } if (pod != null) { - if(s_logger.isDebugEnabled()) - s_logger.debug("Releasing lock on pod " + podId); + if(s_logger.isDebugEnabled()) { + s_logger.debug("Releasing lock on pod " + podId); + } _podDao.releaseFromLockTable(pod.getId()); } } @@ -432,8 +435,9 @@ public class DomainRouterManagerImpl implements DomainRouterManager, DomainRoute throw new ConcurrentOperationException("Unable to acquire account " + accountId); } - if(s_logger.isDebugEnabled()) - s_logger.debug("lock on account " + accountId + " for createRouter is acquired"); + if(s_logger.isDebugEnabled()) { + s_logger.debug("lock on account " + accountId + " for createRouter is acquired"); + } final Transaction txn = Transaction.currentTxn(); DomainRouterVO router = null; @@ -574,8 +578,9 @@ public class DomainRouterManagerImpl implements DomainRouterManager, DomainRoute return null; } finally { if (account != null) { - if(s_logger.isDebugEnabled()) - s_logger.debug("Releasing lock on account " + account.getId() + " for createRouter"); + if(s_logger.isDebugEnabled()) { + s_logger.debug("Releasing lock on account " + account.getId() + " for createRouter"); + } _accountDao.releaseFromLockTable(account.getId()); } if(!success){ @@ -632,8 +637,9 @@ public class DomainRouterManagerImpl implements DomainRouterManager, DomainRoute return false; } } finally { - if (s_logger.isDebugEnabled()) + if (s_logger.isDebugEnabled()) { s_logger.debug("Release lock on router " + routerId + " for stop"); + } _routerDao.releaseFromLockTable(routerId); } @@ -699,10 +705,11 @@ public class DomainRouterManagerImpl implements DomainRouterManager, DomainRoute } router.setServiceOfferingId(serviceOfferingId); - if (_routerDao.update(routerId, router)) - return _routerDao.findById(routerId); - else + if (_routerDao.update(routerId, router)) { + return _routerDao.findById(routerId); + } else { throw new CloudRuntimeException("Unable to upgrade router " + routerId); + } } @@ -781,8 +788,9 @@ public class DomainRouterManagerImpl implements DomainRouterManager, DomainRoute AsyncJobExecutor asyncExecutor = BaseAsyncJobExecutor.getCurrentExecutor(); if (asyncExecutor != null) { AsyncJobVO job = asyncExecutor.getJob(); - if (s_logger.isInfoEnabled()) + if (s_logger.isInfoEnabled()) { s_logger.info("Start router " + routerId + ", update async job-" + job.getId()); + } _asyncMgr.updateAsyncJobAttachment(job.getId(), "domain_router", routerId); } @@ -792,8 +800,9 @@ public class DomainRouterManagerImpl implements DomainRouterManager, DomainRoute return router; } - if(s_logger.isDebugEnabled()) - s_logger.debug("Lock on router " + routerId + " is acquired"); + if(s_logger.isDebugEnabled()) { + s_logger.debug("Lock on router " + routerId + " is acquired"); + } boolean started = false; String vnet = null; @@ -1024,10 +1033,11 @@ public class DomainRouterManagerImpl implements DomainRouterManager, DomainRoute router.setPrivateIpAddress(null); - if(_defaultHypervisorType == null || !_defaultHypervisorType.equalsIgnoreCase(Hypervisor.HypervisorType.VmWare.toString())) - _dcDao.releaseLinkLocalIpAddress(privateIpAddress, router.getDataCenterId(), router.getId()); - else - _dcDao.releasePrivateIpAddress(privateIpAddress, router.getDataCenterId(), router.getId()); + if(_defaultHypervisorType == null || !_defaultHypervisorType.equalsIgnoreCase(Hypervisor.HypervisorType.VmWare.toString())) { + _dcDao.releaseLinkLocalIpAddress(privateIpAddress, router.getDataCenterId(), router.getId()); + } else { + _dcDao.releasePrivateIpAddress(privateIpAddress, router.getDataCenterId(), router.getId()); + } _storageMgr.unshare(router, vols, routingHost); } while (--retry > 0 && (routingHost = (HostVO)_agentMgr.findHost(Host.Type.Routing, dc, pod, sp, offering, template, router, null, avoid)) != null); @@ -1093,8 +1103,9 @@ public class DomainRouterManagerImpl implements DomainRouterManager, DomainRoute } if (router != null) { - if(s_logger.isDebugEnabled()) - s_logger.debug("Releasing lock on router " + routerId); + if(s_logger.isDebugEnabled()) { + s_logger.debug("Releasing lock on router " + routerId); + } _routerDao.releaseFromLockTable(routerId); } @@ -1138,17 +1149,17 @@ public class DomainRouterManagerImpl implements DomainRouterManager, DomainRoute return false; } } - final List fwRules = new ArrayList(); - for (final IPAddressVO ipVO : ipAddrs) { - //We need only firewall rules that are either forwarding or for load balancers - fwRules.addAll(_rulesDao.listIPForwarding(ipVO.getAddress(), true)); - fwRules.addAll(_rulesDao.listIpForwardingRulesForLoadBalancers(ipVO.getAddress())); - } - final List result = _networkMgr.updateFirewallRules(router - .getPublicIpAddress(), fwRules, router); - if (result.size() != fwRules.size()) { - return false; - } + final List fwRules = new ArrayList(); +//FIXME: for (final IPAddressVO ipVO : ipAddrs) { +// //We need only firewall rules that are either forwarding or for load balancers +// fwRules.addAll(_rulesDao.listIPForwarding(ipVO.getAddress(), true)); +// fwRules.addAll(_rulesDao.listIpForwardingRulesForLoadBalancers(ipVO.getAddress())); +// } +// final List result = _networkMgr.updateFirewallRules(router +// .getPublicIpAddress(), fwRules, router); +// if (result.size() != fwRules.size()) { +// return false; +// } } return resendDhcpEntries(router) && resendVpnServerData(router); @@ -1158,8 +1169,9 @@ public class DomainRouterManagerImpl implements DomainRouterManager, DomainRoute final List vms = _vmDao.listBy(router.getId(), State.Creating, State.Starting, State.Running, State.Stopping, State.Stopped, State.Migrating); Commands cmds = new Commands(OnError.Continue); for (UserVmVO vm: vms) { - if (vm.getGuestIpAddress() == null || vm.getGuestMacAddress() == null || vm.getHostName() == null) - continue; + if (vm.getGuestIpAddress() == null || vm.getGuestMacAddress() == null || vm.getHostName() == null) { + continue; + } DhcpEntryCommand decmd = new DhcpEntryCommand(vm.getGuestMacAddress(), vm.getGuestIpAddress(), router.getPrivateIpAddress(), vm.getHostName()); cmds.addCommand(decmd); } @@ -1248,8 +1260,9 @@ public class DomainRouterManagerImpl implements DomainRouterManager, DomainRoute if (asyncExecutor != null) { AsyncJobVO job = asyncExecutor.getJob(); - if (s_logger.isInfoEnabled()) + if (s_logger.isInfoEnabled()) { s_logger.info("Stop router " + routerId + ", update async job-" + job.getId()); + } _asyncMgr.updateAsyncJobAttachment(job.getId(), "domain_router", routerId); } @@ -1365,8 +1378,9 @@ public class DomainRouterManagerImpl implements DomainRouterManager, DomainRoute if (asyncExecutor != null) { AsyncJobVO job = asyncExecutor.getJob(); - if (s_logger.isInfoEnabled()) + if (s_logger.isInfoEnabled()) { s_logger.info("Reboot router " + routerId + ", update async job-" + job.getId()); + } _asyncMgr.updateAsyncJobAttachment(job.getId(), "domain_router", routerId); } @@ -1428,10 +1442,11 @@ public class DomainRouterManagerImpl implements DomainRouterManager, DomainRoute } long eventId = EventUtils.saveScheduledEvent(User.UID_SYSTEM, Account.ACCOUNT_ID_SYSTEM, EventTypes.EVENT_ROUTER_REBOOT, "rebooting Router with Id: "+routerId); - if (rebootRouter(routerId, eventId)) - return _routerDao.findById(routerId); - else - throw new CloudRuntimeException("Fail to reboot router " + routerId); + if (rebootRouter(routerId, eventId)) { + return _routerDao.findById(routerId); + } else { + throw new CloudRuntimeException("Fail to reboot router " + routerId); + } } @Override @@ -1579,10 +1594,11 @@ public class DomainRouterManagerImpl implements DomainRouterManager, DomainRoute String privateIpAddress = router.getPrivateIpAddress(); if (privateIpAddress != null) { - if(_defaultHypervisorType == null || !_defaultHypervisorType.equalsIgnoreCase(Hypervisor.HypervisorType.VmWare.toString())) - _dcDao.releaseLinkLocalIpAddress(privateIpAddress, router.getDataCenterId(), router.getId()); - else - _dcDao.releasePrivateIpAddress(privateIpAddress, router.getDataCenterId(), router.getId()); + if(_defaultHypervisorType == null || !_defaultHypervisorType.equalsIgnoreCase(Hypervisor.HypervisorType.VmWare.toString())) { + _dcDao.releaseLinkLocalIpAddress(privateIpAddress, router.getDataCenterId(), router.getId()); + } else { + _dcDao.releasePrivateIpAddress(privateIpAddress, router.getDataCenterId(), router.getId()); + } } router.setPrivateIpAddress(null); @@ -1661,8 +1677,9 @@ public class DomainRouterManagerImpl implements DomainRouterManager, DomainRoute try { - if(s_logger.isDebugEnabled()) - s_logger.debug("Lock on router " + routerId + " for stop is acquired"); + if(s_logger.isDebugEnabled()) { + s_logger.debug("Lock on router " + routerId + " for stop is acquired"); + } if (router.getRemoved() != null) { s_logger.debug("router " + routerId + " is removed"); @@ -1730,8 +1747,9 @@ public class DomainRouterManagerImpl implements DomainRouterManager, DomainRoute processStopOrRebootAnswer(router, answer); } finally { - if(s_logger.isDebugEnabled()) + if(s_logger.isDebugEnabled()) { s_logger.debug("Release lock on router " + routerId + " for stop"); + } _routerDao.releaseFromLockTable(routerId); } return true; @@ -2427,15 +2445,15 @@ public class DomainRouterManagerImpl implements DomainRouterManager, DomainRoute return false; } } - final List fwRules = new ArrayList(); - for (final IPAddressVO ipVO : ipAddrs) { - fwRules.addAll(_rulesDao.listIPForwarding(ipVO.getAddress())); - } - final List result = _networkMgr.updateFirewallRules(router - .getPublicIpAddress(), fwRules, router); - if (result.size() != fwRules.size()) { - return false; - } +// FIXME final List fwRules = new ArrayList(); +// for (final IPAddressVO ipVO : ipAddrs) { +// fwRules.addAll(_rulesDao.listIPForwarding(ipVO.getAddress())); +// } +// final List result = _networkMgr.updateFirewallRules(router +// .getPublicIpAddress(), fwRules, router); +// if (result.size() != fwRules.size()) { +// return false; +// } } return resendDhcpEntries(router) && resendVpnServerData(router); @@ -2445,8 +2463,9 @@ public class DomainRouterManagerImpl implements DomainRouterManager, DomainRoute final List vms = _vmDao.listBy(router.getId(), State.Creating, State.Starting, State.Running, State.Stopping, State.Stopped, State.Migrating); Commands cmds = new Commands(OnError.Continue); for (UserVmVO vm: vms) { - if (vm.getGuestIpAddress() == null || vm.getGuestMacAddress() == null || vm.getHostName() == null) + if (vm.getGuestIpAddress() == null || vm.getGuestMacAddress() == null || vm.getHostName() == null) { continue; + } DhcpEntryCommand decmd = new DhcpEntryCommand(vm.getGuestMacAddress(), vm.getGuestIpAddress(), router.getPrivateIpAddress(), vm.getHostName()); cmds.addCommand(decmd); } diff --git a/server/src/com/cloud/network/rules/FirewallRuleVO.java b/server/src/com/cloud/network/rules/FirewallRuleVO.java new file mode 100644 index 00000000000..84cc86b9a38 --- /dev/null +++ b/server/src/com/cloud/network/rules/FirewallRuleVO.java @@ -0,0 +1,170 @@ +/** + * Copyright (C) 2010 Cloud.com, Inc. All rights reserved. + * + * This software is licensed under the GNU General Public License v3 or later. + * + * It is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or any later version. + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + */ +package com.cloud.network.rules; + +import java.util.Date; + +import javax.persistence.Column; +import javax.persistence.DiscriminatorColumn; +import javax.persistence.DiscriminatorType; +import javax.persistence.Entity; +import javax.persistence.EnumType; +import javax.persistence.Enumerated; +import javax.persistence.GeneratedValue; +import javax.persistence.GenerationType; +import javax.persistence.Id; +import javax.persistence.Inheritance; +import javax.persistence.InheritanceType; +import javax.persistence.Table; + +import com.cloud.utils.db.GenericDao; +import com.cloud.utils.net.Ip; + +@Entity +@Table(name="firewall_rules") +@Inheritance(strategy=InheritanceType.JOINED) +@DiscriminatorColumn(name="purpose", discriminatorType=DiscriminatorType.STRING, length=32) +public class FirewallRuleVO implements FirewallRule { + @Id + @GeneratedValue(strategy=GenerationType.IDENTITY) + @Column(name="id") + long id; + + @GeneratedValue(strategy=GenerationType.AUTO) + @Column(name=GenericDao.XID_COLUMN) + String xId; + + @Column(name="domain_id", updatable=false) + long domainId; + + @Column(name="account_id", updatable=false) + long accountId; + + @Column(name="ip_address", updatable=false) + Ip sourceIpAddress; + + @Column(name="port_start", updatable=false) + int sourcePortStart; + + @Column(name="port_end", updatable=false) + int sourcePortEnd; + + @Column(name="protocol", updatable=false) + String protocol = "TCP"; + + @Enumerated(value=EnumType.STRING) + @Column(name="purpose") + Purpose purpose; + + @Enumerated(value=EnumType.STRING) + @Column(name="state") + State state; + + @Column(name=GenericDao.CREATED_COLUMN) + Date created; + + @Column(name="network_id") + long networkId; + + @Override + public long getAccountId() { + return accountId; + } + + @Override + public long getDomainId() { + return domainId; + } + + @Override + public long getId() { + return id; + } + + @Override + public String getXid() { + return xId; + } + + @Override + public Ip getSourceIpAddress() { + return sourceIpAddress; + } + + @Override + public int getSourcePortStart() { + return sourcePortStart; + } + + @Override + public int getSourcePortEnd() { + return sourcePortEnd; + } + + @Override + public String getProtocol() { + return protocol; + } + + public void setState(State state) { + this.state = state; + } + + @Override + public Purpose getPurpose() { + return purpose; + } + + @Override + public State getState() { + return state; + } + + public long getNetworkId() { + return networkId; + } + + public Date getCreated() { + return created; + } + + protected FirewallRuleVO() { + } + + public FirewallRuleVO(String xId, Ip srcIp, int portStart, int portEnd, String protocol, long networkId, long accountId, long domainId, Purpose purpose) { + this.xId = xId; + this.accountId = accountId; + this.domainId = domainId; + this.sourceIpAddress = srcIp; + this.sourcePortStart = portStart; + this.sourcePortEnd = portEnd; + this.protocol = protocol; + this.purpose = purpose; + this.networkId = networkId; + this.state = State.Staged; + } + + public FirewallRuleVO(String xId, Ip srcIp, int port, String protocol, long networkId, long accountId, long domainId, Purpose purpose) { + this(xId, srcIp, port, port, protocol, networkId, accountId, domainId, purpose); + } + + @Override + public String toString() { + return new StringBuilder("Rule[").append(id).append("-").append(purpose).append("-").append(state).append("]").toString(); + } +} diff --git a/server/src/com/cloud/network/rules/PortForwardingRuleVO.java b/server/src/com/cloud/network/rules/PortForwardingRuleVO.java new file mode 100644 index 00000000000..180d5cbbe8e --- /dev/null +++ b/server/src/com/cloud/network/rules/PortForwardingRuleVO.java @@ -0,0 +1,76 @@ +/** + * Copyright (C) 2010 Cloud.com, Inc. All rights reserved. + * + * This software is licensed under the GNU General Public License v3 or later. + * + * It is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or any later version. + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + */ + +package com.cloud.network.rules; + +import javax.persistence.Column; +import javax.persistence.DiscriminatorValue; +import javax.persistence.Entity; +import javax.persistence.EnumType; +import javax.persistence.Enumerated; +import javax.persistence.PrimaryKeyJoinColumn; +import javax.persistence.Table; + +import com.cloud.utils.net.Ip; + +@Entity +@Table(name=("port_forwarding_rule")) +@DiscriminatorValue(value="PortForwarding") +@PrimaryKeyJoinColumn(name="id") +public class PortForwardingRuleVO extends FirewallRuleVO implements PortForwardingRule { + + @Enumerated(value=EnumType.STRING) + @Column(name="dest_ip_address") + private Ip destinationIpAddress = null; + + @Column(name="dest_port_start") + private int destinationPortStart; + + @Column(name="dest_port_end") + private int destinationPortEnd; + + public PortForwardingRuleVO() { + } + + public PortForwardingRuleVO(String xId, Ip srcIp, int srcPortStart, int srcPortEnd, Ip dstIp, int dstPortStart, int dstPortEnd, String protocol, long networkId, long accountId, long domainId) { + super(xId, srcIp, srcPortStart, srcPortEnd, protocol, networkId, accountId, domainId, Purpose.PortForwarding); + this.destinationIpAddress = dstIp; + this.destinationPortStart = dstPortStart; + this.destinationPortEnd = dstPortEnd; + } + + public PortForwardingRuleVO(String xId, Ip srcIp, int srcPort, Ip dstIp, int dstPort, String protocol, long networkId, long accountId, long domainId) { + this(xId, srcIp, srcPort, srcPort, dstIp, dstPort, dstPort, protocol, networkId, accountId, domainId); + } + + @Override + public Ip getDestinationIpAddress() { + return destinationIpAddress; + } + + @Override + public int getDestinationPortStart() { + return destinationPortStart; + } + + @Override + public int getDestinationPortEnd() { + return destinationPortEnd; + } +} + diff --git a/server/src/com/cloud/network/rules/RulesManager.java b/server/src/com/cloud/network/rules/RulesManager.java index e0800c84c76..e0917837358 100644 --- a/server/src/com/cloud/network/rules/RulesManager.java +++ b/server/src/com/cloud/network/rules/RulesManager.java @@ -17,113 +17,41 @@ */ package com.cloud.network.rules; -import java.util.List; - -import com.cloud.api.commands.AddVpnUserCmd; -import com.cloud.api.commands.AssignToLoadBalancerRuleCmd; -import com.cloud.api.commands.CreateLoadBalancerRuleCmd; -import com.cloud.api.commands.CreatePortForwardingRuleCmd; -import com.cloud.api.commands.CreateRemoteAccessVpnCmd; -import com.cloud.api.commands.DeleteLoadBalancerRuleCmd; -import com.cloud.api.commands.DeleteRemoteAccessVpnCmd; -import com.cloud.api.commands.ListPortForwardingRulesCmd; -import com.cloud.api.commands.RemoveFromLoadBalancerRuleCmd; -import com.cloud.api.commands.RemoveVpnUserCmd; -import com.cloud.api.commands.UpdateLoadBalancerRuleCmd; -import com.cloud.exception.ConcurrentOperationException; import com.cloud.exception.InvalidParameterValueException; import com.cloud.exception.NetworkRuleConflictException; import com.cloud.exception.PermissionDeniedException; -import com.cloud.exception.ResourceUnavailableException; -import com.cloud.network.FirewallRuleVO; -import com.cloud.network.LoadBalancerVO; -import com.cloud.network.RemoteAccessVpnVO; -import com.cloud.network.VpnUserVO; -import com.cloud.vm.DomainRouterVO; +import com.cloud.network.IpAddress; +import com.cloud.user.Account; +import com.cloud.uservm.UserVm; +import com.cloud.utils.net.Ip; -public interface RulesManager { + +/** + * Rules Manager manages the network rules created for different networks. + */ +public interface RulesManager extends RulesService { + PortForwardingRule revokePortForwardingRule(String ruleId, Account caller); + + boolean applyPortForwardingRules(Ip ip, boolean continueOnError); /** - * @param fwRules list of rules to be updated - * @param router router where the rules have to be updated - * @return list of rules successfully updated - */ - List updatePortForwardingRules(List fwRules, DomainRouterVO router, Long hostId); - - /** - * @param fwRules list of rules to be updated - * @param router router where the rules have to be updated - * @return success - */ - boolean updateLoadBalancerRules(List fwRules, DomainRouterVO router, Long hostId); + * detectRulesConflict finds conflicts in networking rules. It checks for + * conflicts between the following types of netowrking rules; + * 1. one to one nat ip forwarding + * 2. port forwarding + * 3. load balancing + * + * It is possible for two conflicting rules to be added at the same time + * and conflicts are detected between those two rules. In this case, it + * is possible for both rules to be rolled back when, technically, we should + * only roll back one of the rules. However, the chances of that is low + * and the user can simply re-add one of the rules themselves. + * + * @param newRule the new rule created. + * @param ipAddress ip address that back up the new rule. + * @throws NetworkRuleConflictException + */ + void detectRulesConflict(FirewallRule newRule, IpAddress ipAddress) throws NetworkRuleConflictException; - /** - * @param publicIpAddress ip address associated with the fwRules - * @param fwRules list of rules to be updated - * @param router router where the rules have to be updated - * @return list of rules successfully updated - */ - List updateFirewallRules(String publicIpAddress, List fwRules, DomainRouterVO router); - - /** - * Create a port forwarding rule from the given ipAddress/port to the given virtual machine/port. - * @param cmd the command specifying the ip address, port, protocol, private port, and virtual machine id. - * @return the newly created FirewallRuleVO if successful, null otherwise. - */ - FirewallRuleVO createPortForwardingRule(CreatePortForwardingRuleCmd cmd) throws NetworkRuleConflictException; - - /** - * List port forwarding rules assigned to an ip address - * @param cmd the command object holding the criteria for listing port forwarding rules (the ipAddress) - * @return list of port forwarding rules on the given address, empty list if no rules exist - */ - List listPortForwardingRules(ListPortForwardingRulesCmd cmd); - - /** - * Create a load balancer rule from the given ipAddress/port to the given private port - * @param cmd the command specifying the ip address, port, protocol, private port, and algorithm - * @return the newly created LoadBalancerVO if successful, null otherwise - */ - LoadBalancerVO createLoadBalancerRule(CreateLoadBalancerRuleCmd cmd); - - boolean updateFirewallRule(FirewallRuleVO fwRule, String oldPrivateIP, String oldPrivatePort); - - /** - * Assign a virtual machine, or list of virtual machines, to a load balancer. - */ - boolean assignToLoadBalancer(AssignToLoadBalancerRuleCmd cmd) throws NetworkRuleConflictException; - - boolean removeFromLoadBalancer(RemoveFromLoadBalancerRuleCmd cmd); - - boolean deleteLoadBalancerRule(DeleteLoadBalancerRuleCmd cmd); - LoadBalancerVO updateLoadBalancerRule(UpdateLoadBalancerRuleCmd cmd); - - RemoteAccessVpnVO createRemoteAccessVpn(CreateRemoteAccessVpnCmd cmd) throws ConcurrentOperationException, InvalidParameterValueException, PermissionDeniedException; - - /** - * Start a remote access vpn for the given ip address and client ip range - * @param cmd the command specifying the ip address, ip range - * @return the RemoteAccessVpnVO if successful, null otherwise - * @throws ConcurrentOperationException - * @throws ResourceUnavailableException - */ - RemoteAccessVpnVO startRemoteAccessVpn(CreateRemoteAccessVpnCmd cmd) throws ConcurrentOperationException, ResourceUnavailableException; - - /** - * Destroy a previously created remote access VPN - * @param cmd the command specifying the account and zone - * @return success if successful, false otherwise - * @throws ConcurrentOperationException - */ - boolean destroyRemoteAccessVpn(DeleteRemoteAccessVpnCmd cmd) throws ConcurrentOperationException; - - VpnUserVO addVpnUser(AddVpnUserCmd cmd) throws ConcurrentOperationException; - - boolean removeVpnUser(RemoveVpnUserCmd cmd) throws ConcurrentOperationException; - - FirewallRuleVO createIpForwardingRuleInDb(String ipAddr, Long virtualMachineId); - - boolean deletePortForwardingRule(Long id, boolean sysContext); - - boolean deleteIpForwardingRule(Long id); + void checkIpAndUserVm(IpAddress ipAddress, UserVm userVm, Account caller) throws InvalidParameterValueException, PermissionDeniedException; } diff --git a/server/src/com/cloud/network/rules/RulesManagerImpl.java b/server/src/com/cloud/network/rules/RulesManagerImpl.java index e9cf03553a5..2aef929dde6 100644 --- a/server/src/com/cloud/network/rules/RulesManagerImpl.java +++ b/server/src/com/cloud/network/rules/RulesManagerImpl.java @@ -23,33 +23,328 @@ import java.util.Map; import javax.ejb.Local; import javax.naming.ConfigurationException; -import com.cloud.api.commands.AddVpnUserCmd; -import com.cloud.api.commands.AssignToLoadBalancerRuleCmd; -import com.cloud.api.commands.CreateLoadBalancerRuleCmd; -import com.cloud.api.commands.CreatePortForwardingRuleCmd; -import com.cloud.api.commands.CreateRemoteAccessVpnCmd; -import com.cloud.api.commands.DeleteLoadBalancerRuleCmd; -import com.cloud.api.commands.DeleteRemoteAccessVpnCmd; +import org.apache.log4j.Logger; + +import com.cloud.api.commands.ListIpForwardingRulesCmd; import com.cloud.api.commands.ListPortForwardingRulesCmd; -import com.cloud.api.commands.RemoveFromLoadBalancerRuleCmd; -import com.cloud.api.commands.RemoveVpnUserCmd; -import com.cloud.api.commands.UpdateLoadBalancerRuleCmd; -import com.cloud.exception.ConcurrentOperationException; +import com.cloud.event.EventTypes; +import com.cloud.event.EventUtils; +import com.cloud.event.EventVO; import com.cloud.exception.InvalidParameterValueException; import com.cloud.exception.NetworkRuleConflictException; import com.cloud.exception.PermissionDeniedException; import com.cloud.exception.ResourceUnavailableException; -import com.cloud.network.FirewallRuleVO; -import com.cloud.network.LoadBalancerVO; -import com.cloud.network.RemoteAccessVpnVO; -import com.cloud.network.VpnUserVO; +import com.cloud.network.IPAddressVO; +import com.cloud.network.IpAddress; +import com.cloud.network.Network; +import com.cloud.network.NetworkManager; +import com.cloud.network.dao.FirewallRulesDao; +import com.cloud.network.dao.IPAddressDao; +import com.cloud.network.rules.FirewallRule.State; +import com.cloud.network.rules.dao.PortForwardingRulesDao; +import com.cloud.offering.NetworkOffering.GuestIpType; +import com.cloud.user.Account; +import com.cloud.user.AccountManager; +import com.cloud.user.UserContext; +import com.cloud.uservm.UserVm; +import com.cloud.utils.component.Inject; import com.cloud.utils.component.Manager; -import com.cloud.vm.DomainRouterVO; +import com.cloud.utils.exception.CloudRuntimeException; +import com.cloud.utils.net.Ip; +import com.cloud.utils.net.NetUtils; +import com.cloud.vm.Nic; +import com.cloud.vm.UserVmVO; +import com.cloud.vm.dao.UserVmDao; @Local(value=RulesManager.class) -public class RulesManagerImpl implements RulesManager, Manager { +public class RulesManagerImpl implements RulesManager, RulesService, Manager { + private static final Logger s_logger = Logger.getLogger(RulesManagerImpl.class); String _name; + + @Inject PortForwardingRulesDao _forwardingDao; + @Inject FirewallRulesDao _firewallDao; + @Inject IPAddressDao _ipAddressDao; + @Inject UserVmDao _vmDao; + @Inject AccountManager _accountMgr; + @Inject NetworkManager _networkMgr; + + @Override + public void detectRulesConflict(FirewallRule newRule, IpAddress ipAddress) throws NetworkRuleConflictException { + assert newRule.getSourceIpAddress().equals(ipAddress.getAddress()) : "You passed in an ip address that doesn't match the address in the new rule"; + + List rules = _firewallDao.listByIpAndNotRevoked(newRule.getSourceIpAddress()); + assert (rules.size() >= 1) : "For network rules, we now always first persist the rule and then check for network conflicts so we should at least have one rule at this point."; + + if (ipAddress.isOneToOneNat() && rules.size() > 1) { + throw new NetworkRuleConflictException("There are already rules in existence for the " + newRule.getSourceIpAddress()); + } + + for (FirewallRuleVO rule : rules) { + if (rule.getId() == newRule.getId()) { + continue; // Skips my own rule. + } + if (rule.getNetworkId() != newRule.getNetworkId() && rule.getState() != State.Revoke) { + throw new NetworkRuleConflictException("New rule is for a different network than what's specified in rule " + rule.getXid()); + } + if (rule.getProtocol().equals(NetUtils.NAT_PROTO)) { + throw new NetworkRuleConflictException("There is already a one to one NAT specified for " + newRule.getSourceIpAddress()); + } + if ((rule.getSourcePortStart() <= newRule.getSourcePortStart() && rule.getSourcePortEnd() >= newRule.getSourcePortStart()) || + (rule.getSourcePortStart() <= newRule.getSourcePortEnd() && rule.getSourcePortEnd() >= newRule.getSourcePortEnd()) || + (newRule.getSourcePortStart() <= rule.getSourcePortStart() && newRule.getSourcePortEnd() >= rule.getSourcePortStart()) || + (newRule.getSourcePortStart() <= rule.getSourcePortEnd() && newRule.getSourcePortEnd() >= rule.getSourcePortEnd())) { + throw new NetworkRuleConflictException("The range specified, " + newRule.getSourcePortStart() + "-" + newRule.getSourcePortEnd() + ", conflicts with rule " + rule.getId() + " which has " + rule.getSourcePortStart() + "-" + rule.getSourcePortEnd()); + } + } + + if (s_logger.isDebugEnabled()) { + s_logger.debug("No network rule conflicts detected for " + newRule + " against " + (rules.size() - 1) + " existing rules"); + } + + } + + @Override + public void checkIpAndUserVm(IpAddress ipAddress, UserVm userVm, Account caller) throws InvalidParameterValueException, PermissionDeniedException { + if (ipAddress == null || ipAddress.getAllocated() == null || ipAddress.getAccountId() == null) { + throw new InvalidParameterValueException("Unable to create ip forwarding rule on address " + ipAddress + ", invalid IP address specified."); + } + + if (userVm == null) { + return; + } + + _accountMgr.checkAccess(caller, userVm); + + // validate that IP address and userVM belong to the same account + if (ipAddress.getAccountId().longValue() != userVm.getAccountId()) { + throw new InvalidParameterValueException("Unable to create ip forwarding rule, IP address " + ipAddress + " owner is not the same as owner of virtual machine " + userVm.toString()); + } + + // validate that userVM is in the same availability zone as the IP address + if (ipAddress.getDataCenterId() != userVm.getDataCenterId()) { + throw new InvalidParameterValueException("Unable to create ip forwarding rule, IP address " + ipAddress + " is not in the same availability zone as virtual machine " + userVm.toString()); + } + } + + @Override + public PortForwardingRule createPortForwardingRule(PortForwardingRule rule, Long vmId, Account caller) throws NetworkRuleConflictException { + String ipAddr = rule.getSourceIpAddress().addr(); + + IPAddressVO ipAddress = _ipAddressDao.findById(ipAddr); + + Ip dstIp = rule.getDestinationIpAddress(); + long networkId = rule.getNetworkId(); + UserVmVO vm = null; + Network network = null; + if (vmId != null) { + // validate user VM exists + vm = _vmDao.findById(vmId); + if (vm == null) { + throw new InvalidParameterValueException("Unable to create ip forwarding rule on address " + ipAddress + ", invalid virtual machine id specified (" + vmId + ")."); + } + + dstIp = null; + List nics = _networkMgr.getNics(vm); + for (Nic nic : nics) { + Network ntwk = _networkMgr.getNetwork(nic.getNetworkId()); + if (ntwk.getGuestType() == GuestIpType.Virtualized) { + network = ntwk; + dstIp = new Ip(nic.getIp4Address()); + break; + } + } + + if (network == null) { + throw new CloudRuntimeException("Unable to find ip address to map to in " + vmId); + } + } else { + network = _networkMgr.getNetwork(rule.getNetworkId()); + if (network == null) { + throw new InvalidParameterValueException("Unable to get the network " + rule.getNetworkId()); + } + } + + networkId = network.getId(); + long accountId = network.getAccountId(); + long domainId = network.getDomainId(); + + checkIpAndUserVm(ipAddress, vm, caller); + + PortForwardingRuleVO newRule = + new PortForwardingRuleVO(rule.getXid(), + rule.getSourceIpAddress(), + rule.getSourcePortStart(), + rule.getSourcePortEnd(), + dstIp, + rule.getDestinationPortStart(), + rule.getDestinationPortEnd(), + rule.getProtocol(), + networkId, + accountId, + domainId); + newRule = _forwardingDao.persist(newRule); + + boolean success = false; + try { + detectRulesConflict(newRule, ipAddress); + if (!_firewallDao.setStateToAdd(newRule)) { + throw new CloudRuntimeException("Unable to update the state to add for " + newRule); + } + + success = true; + return newRule; + } catch (Exception e) { + _forwardingDao.remove(newRule.getId()); + if (e instanceof NetworkRuleConflictException) { + throw (NetworkRuleConflictException)e; + } + + throw new CloudRuntimeException("Unable to add rule for " + newRule.getSourceIpAddress(), e); + } finally { + // Save and create the event + String description; + String ruleName = "ip forwarding"; + String level = EventVO.LEVEL_INFO; + + if (success == true) { + description = "created new " + ruleName + " rule [" + newRule.getSourceIpAddress() + ":" + newRule.getSourcePortStart() + "]->[" + + newRule.getDestinationIpAddress() + ":" + newRule.getDestinationPortStart() + "]" + " " + newRule.getProtocol(); + } else { + level = EventVO.LEVEL_ERROR; + description = "failed to create new " + ruleName + " rule [" + newRule.getSourceIpAddress() + ":" + newRule.getSourcePortStart() + "]->[" + + newRule.getDestinationIpAddress() + ":" + newRule.getDestinationPortStart() + "]" + " " + newRule.getProtocol(); + } + + EventUtils.saveEvent(UserContext.current().getUserId(), vm.getAccountId(), level, EventTypes.EVENT_NET_RULE_ADD, description); + } + } + + protected void revokeRule(FirewallRuleVO rule, Account caller) { + _accountMgr.checkAccess(caller, rule); + + if (rule.getState() == State.Staged) { + if (s_logger.isDebugEnabled()) { + s_logger.debug("Found a rule that is still in stage state so just removing it: " + rule); + } + _firewallDao.remove(rule.getId()); + return; + } else if (rule.getState() == State.Add) { + rule.setState(State.Revoke); + _firewallDao.update(rule.getId(), rule); + } + } + + @Override + public PortForwardingRule revokePortForwardingRule(long ruleId, boolean apply, Account caller) { + PortForwardingRuleVO rule = _forwardingDao.findById(ruleId); + if (rule == null) { + throw new InvalidParameterValueException("Unable to find " + ruleId); + } + + revokeRule(rule, caller); + if (apply) { + applyPortForwardingRules(rule.getSourceIpAddress(), true); + } + return rule; + } + + @Override + public PortForwardingRule revokePortForwardingRule(String ruleId, Account caller) { + // FIXME: Not working yet. + return null; + } + + @Override + public List listPortForwardingRules(ListPortForwardingRulesCmd cmd) { + // TODO Auto-generated method stub + return null; + } + + @Override + public PortForwardingRule createIpForwardingRuleInDb(String ipAddr, long virtualMachineId) { + // TODO Auto-generated method stub + return null; + } + + @Override + public PortForwardingRule createIpForwardingRuleOnDomr(long ruleId) { + // TODO Auto-generated method stub + return null; + } + + @Override + public boolean deleteIpForwardingRule(Long id) { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean deletePortForwardingRule(Long id, boolean sysContext) { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean applyPortForwardingRules(Ip ip, boolean continueOnError) { + try { + return applyPortForwardingRules(ip, continueOnError, null); + } catch (ResourceUnavailableException e) { + s_logger.warn("Unable to reapply port forwarding rules for " + ip); + return false; + } + } + + protected boolean applyPortForwardingRules(Ip ip, boolean continueOnError, Account caller) throws ResourceUnavailableException { + List rules = _forwardingDao.listForApplication(ip); + if (rules.size() == 0) { + s_logger.debug("There are no rules to apply for " + ip); + return true; + } + + if (caller != null) { + _accountMgr.checkAccess(caller, rules.toArray(new PortForwardingRuleVO[rules.size()])); + } + + return _networkMgr.applyRules(ip, rules, continueOnError); + } + + @Override + public List searchForIpForwardingRules(ListIpForwardingRulesCmd cmd){ +// String ipAddress = cmd.getPublicIpAddress(); +// Filter searchFilter = new Filter(PortForwardingRuleVO.class, "id", true, cmd.getStartIndex(), cmd.getPageSizeVal()); +// SearchCriteria sc = _firewallRulesDao.createSearchCriteria(); +// +// if (ipAddress != null) { +// sc.addAnd("publicIpAddress", SearchCriteria.Op.EQ, ipAddress); +// } +// +// //search for rules with protocol = nat +// sc.addAnd("protocol", SearchCriteria.Op.EQ, NetUtils.NAT_PROTO); +// +// return _firewallRulesDao.search(sc, searchFilter); + return null; + } + + + + @Override + public boolean applyPortForwardingRules(Ip ip, Account caller) throws ResourceUnavailableException { + return applyPortForwardingRules(ip, false, caller); + } + + @Override + public boolean applyNatRules(Ip ip, Account caller) throws ResourceUnavailableException { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean applyFirewallRules(Ip ip, Account caller) throws ResourceUnavailableException { + // TODO Auto-generated method stub + return false; + } + @Override public boolean configure(String name, Map params) throws ConfigurationException { _name = name; @@ -70,119 +365,808 @@ public class RulesManagerImpl implements RulesManager, Manager { public String getName() { return _name; } +// @Override +// public boolean updateFirewallRule(final PortForwardingRuleVO rule, String oldPrivateIP, String oldPrivatePort) { +// +// final IPAddressVO ipVO = _ipAddressDao.findById(rule.getSourceIpAddress()); +// if (ipVO == null || ipVO.getAllocated() == null) { +// return false; +// } +// +// final DomainRouterVO router = _routerMgr.getRouter(ipVO.getAccountId(), ipVO.getDataCenterId()); +// Long hostId = router.getHostId(); +// if (router == null || router.getHostId() == null) { +// return true; +// } +// +// if (rule.isForwarding()) { +// return updatePortForwardingRule(rule, router, hostId, oldPrivateIP, oldPrivatePort); +// } else if (rule.getGroupId() != null) { +// final List fwRules = _rulesDao.listIPForwardingForLB(ipVO.getAccountId(), ipVO.getDataCenterId()); +// +// return updateLoadBalancerRules(fwRules, router, hostId); +// } +// return true; +// } +// +// @Override +// public List updateFirewallRules(final String publicIpAddress, final List fwRules, final DomainRouterVO router) { +// final List result = new ArrayList(); +// if (fwRules.size() == 0) { +// return result; +// } +// +// if (router == null || router.getHostId() == null) { +// return fwRules; +// } else { +// final HostVO host = _hostDao.findById(router.getHostId()); +// return updateFirewallRules(host, router.getInstanceName(), router.getPrivateIpAddress(), fwRules); +// } +// } +// +// public List updateFirewallRules(final HostVO host, final String routerName, final String routerIp, final List fwRules) { +// final List result = new ArrayList(); +// if (fwRules.size() == 0) { +// s_logger.debug("There are no firewall rules"); +// return result; +// } +// +// Commands cmds = new Commands(OnError.Continue); +// final List lbRules = new ArrayList(); +// final List fwdRules = new ArrayList(); +// +// int i=0; +// for (PortForwardingRuleVO rule : fwRules) { +// // Determine the VLAN ID and netmask of the rule's public IP address +// IPAddressVO ip = _ipAddressDao.findById(rule.getSourceIpAddress()); +// VlanVO vlan = _vlanDao.findById(new Long(ip.getVlanDbId())); +// String vlanNetmask = vlan.getVlanNetmask(); +// rule.setVlanNetmask(vlanNetmask); +// +// if (rule.isForwarding()) { +// fwdRules.add(rule); +// final SetFirewallRuleCommand cmd = new SetFirewallRuleCommand(routerName, routerIp,rule, false); +// cmds.addCommand(cmd); +// } else if (rule.getGroupId() != null){ +// lbRules.add(rule); +// } +// +// } +// if (lbRules.size() > 0) { //at least one load balancer rule +// final LoadBalancerConfigurator cfgrtr = new HAProxyConfigurator(); +// final String [] cfg = cfgrtr.generateConfiguration(fwRules); +// final String [][] addRemoveRules = cfgrtr.generateFwRules(fwRules); +// final LoadBalancerCfgCommand cmd = new LoadBalancerCfgCommand(cfg, addRemoveRules, routerName, routerIp); +// cmds.addCommand(cmd); +// } +// if (cmds.size() == 0) { +// return result; +// } +// Answer [] answers = null; +// try { +// answers = _agentMgr.send(host.getId(), cmds); +// } catch (final AgentUnavailableException e) { +// s_logger.warn("agent unavailable", e); +// } catch (final OperationTimedoutException e) { +// s_logger.warn("Timed Out", e); +// } +// if (answers == null ){ +// return result; +// } +// i=0; +// for (final PortForwardingRuleVO rule:fwdRules){ +// final Answer ans = answers[i++]; +// if (ans != null) { +// if (ans.getResult()) { +// result.add(rule); +// } else { +// s_logger.warn("Unable to update firewall rule: " + rule.toString()); +// } +// } +// } +// if (i == (answers.length-1)) { +// final Answer lbAnswer = answers[i]; +// if (lbAnswer.getResult()) { +// result.addAll(lbRules); +// } else { +// s_logger.warn("Unable to update lb rules."); +// } +// } +// return result; +// } +// +// private boolean updatePortForwardingRule(final PortForwardingRuleVO rule, final DomainRouterVO router, Long hostId, String oldPrivateIP, String oldPrivatePort) { +// IPAddressVO ip = _ipAddressDao.findById(rule.getSourceIpAddress()); +// VlanVO vlan = _vlanDao.findById(new Long(ip.getVlanDbId())); +// rule.setVlanNetmask(vlan.getVlanNetmask()); +// +// final SetFirewallRuleCommand cmd = new SetFirewallRuleCommand(router.getInstanceName(), router.getPrivateIpAddress(), rule, oldPrivateIP, oldPrivatePort); +// final Answer ans = _agentMgr.easySend(hostId, cmd); +// if (ans == null) { +// return false; +// } else { +// return ans.getResult(); +// } +// } +// +// @Override +// public List updatePortForwardingRules(final List fwRules, final DomainRouterVO router, Long hostId ){ +// final List fwdRules = new ArrayList(); +// final List result = new ArrayList(); +// +// if (fwRules.size() == 0) { +// return result; +// } +// +// Commands cmds = new Commands(OnError.Continue); +// int i=0; +// for (final PortForwardingRuleVO rule: fwRules) { +// IPAddressVO ip = _ipAddressDao.findById(rule.getSourceIpAddress()); +// VlanVO vlan = _vlanDao.findById(new Long(ip.getVlanDbId())); +// String vlanNetmask = vlan.getVlanNetmask(); +// rule.setVlanNetmask(vlanNetmask); +// if (rule.isForwarding()) { +// fwdRules.add(rule); +// final SetFirewallRuleCommand cmd = new SetFirewallRuleCommand(router.getInstanceName(), router.getPrivateIpAddress(),rule, false); +// cmds.addCommand(cmd); +// } +// } +// try { +// _agentMgr.send(hostId, cmds); +// } catch (final AgentUnavailableException e) { +// s_logger.warn("agent unavailable", e); +// } catch (final OperationTimedoutException e) { +// s_logger.warn("Timed Out", e); +// } +// Answer[] answers = cmds.getAnswers(); +// if (answers == null ){ +// return result; +// } +// i=0; +// for (final PortForwardingRuleVO rule:fwdRules){ +// final Answer ans = answers[i++]; +// if (ans != null) { +// if (ans.getResult()) { +// result.add(rule); +// } +// } +// } +// return result; +// } +// +// @Override +// public PortForwardingRuleVO createPortForwardingRule(CreatePortForwardingRuleCmd cmd) throws InvalidParameterValueException, PermissionDeniedException, NetworkRuleConflictException { +// // validate IP Address exists +// IPAddressVO ipAddress = _ipAddressDao.findById(cmd.getIpAddress()); +// if (ipAddress == null) { +// throw new InvalidParameterValueException("Unable to create port forwarding rule on address " + ipAddress + ", invalid IP address specified."); +// } +// +// // validate user VM exists +// UserVmVO userVM = _vmDao.findById(cmd.getVirtualMachineId()); +// if (userVM == null) { +// throw new InvalidParameterValueException("Unable to create port forwarding rule on address " + ipAddress + ", invalid virtual machine id specified (" + cmd.getVirtualMachineId() + ")."); +// } +// +// // validate that IP address and userVM belong to the same account +// if ((ipAddress.getAccountId() == null) || (ipAddress.getAccountId().longValue() != userVM.getAccountId())) { +// throw new InvalidParameterValueException("Unable to create port forwarding rule, IP address " + ipAddress + " owner is not the same as owner of virtual machine " + userVM.toString()); +// } +// +// // validate that userVM is in the same availability zone as the IP address +// if (ipAddress.getDataCenterId() != userVM.getDataCenterId()) { +// throw new InvalidParameterValueException("Unable to create port forwarding rule, IP address " + ipAddress + " is not in the same availability zone as virtual machine " + userVM.toString()); +// } +// +// // if an admin account was passed in, or no account was passed in, make sure we honor the accountName/domainId parameters +// Account account = UserContext.current().getAccount(); +// if (account != null) { +// if ((account.getType() == Account.ACCOUNT_TYPE_ADMIN) || (account.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN)) { +// if (!_domainDao.isChildDomain(account.getDomainId(), userVM.getDomainId())) { +// throw new PermissionDeniedException("Unable to create port forwarding rule, IP address " + ipAddress + " to virtual machine " + cmd.getVirtualMachineId() + ", permission denied."); +// } +// } else if (account.getId() != userVM.getAccountId()) { +// throw new PermissionDeniedException("Unable to create port forwarding rule, IP address " + ipAddress + " to virtual machine " + cmd.getVirtualMachineId() + ", permission denied."); +// } +// } +// +// // set up some local variables +// String protocol = cmd.getProtocol(); +// String publicPort = cmd.getPublicPort(); +// String privatePort = cmd.getPrivatePort(); +// +// // sanity check that the vm can be applied to the load balancer +// ServiceOfferingVO offering = _serviceOfferingDao.findById(userVM.getServiceOfferingId()); +// if ((offering == null) || !GuestIpType.Virtualized.equals(offering.getGuestIpType())) { +// if (s_logger.isDebugEnabled()) { +// s_logger.debug("Unable to create port forwarding rule (" + protocol + ":" + publicPort + "->" + privatePort + ") for virtual machine " + userVM.toString() + ", bad network type (" + ((offering == null) ? "null" : offering.getGuestIpType()) + ")"); +// } +// +// throw new IllegalArgumentException("Unable to create port forwarding rule (" + protocol + ":" + publicPort + "->" + privatePort + ") for virtual machine " + userVM.toString() + ", bad network type (" + ((offering == null) ? "null" : offering.getGuestIpType()) + ")"); +// } +// +// // check for ip address/port conflicts by checking existing forwarding and load balancing rules +// List existingRulesOnPubIp = _rulesDao.listIPForwarding(ipAddress.getAddress()); +// +// // FIXME: The mapped ports should be String, String, List since more than one proto can be mapped... +// Map>> mappedPublicPorts = new HashMap>>(); +// +// if (existingRulesOnPubIp != null) { +// for (PortForwardingRuleVO fwRule : existingRulesOnPubIp) { +// Ternary> portMappings = mappedPublicPorts.get(fwRule.getSourcePort()); +// List protocolList = null; +// if (portMappings == null) { +// protocolList = new ArrayList(); +// } else { +// protocolList = portMappings.third(); +// } +// protocolList.add(fwRule.getProtocol()); +// mappedPublicPorts.put(fwRule.getSourcePort(), new Ternary>(fwRule.getDestinationIpAddress(), fwRule.getDestinationPort(), protocolList)); +// } +// } +// +// Ternary> privateIpPort = mappedPublicPorts.get(publicPort); +// if (privateIpPort != null) { +// if (privateIpPort.first().equals(userVM.getGuestIpAddress()) && privateIpPort.second().equals(privatePort)) { +// List protocolList = privateIpPort.third(); +// for (String mappedProtocol : protocolList) { +// if (mappedProtocol.equalsIgnoreCase(protocol)) { +// if (s_logger.isDebugEnabled()) { +// s_logger.debug("skipping the creating of firewall rule " + ipAddress + ":" + publicPort + " to " + userVM.getGuestIpAddress() + ":" + privatePort + "; rule already exists."); +// } +// // already mapped +// throw new NetworkRuleConflictException("An existing port forwarding service rule for " + ipAddress + ":" + publicPort +// + " already exists, found while trying to create mapping to " + userVM.getGuestIpAddress() + ":" + privatePort + "."); +// } +// } +// } else { +// // FIXME: Will we need to refactor this for both assign port forwarding service and create port forwarding rule? +// // throw new NetworkRuleConflictException("An existing port forwarding service rule for " + ipAddress + ":" + publicPort +// // + " already exists, found while trying to create mapping to " + userVM.getGuestIpAddress() + ":" + privatePort + ((securityGroupId == null) ? "." : " from port forwarding service " +// // + securityGroupId.toString() + ".")); +// throw new NetworkRuleConflictException("An existing port forwarding service rule for " + ipAddress + ":" + publicPort +// + " already exists, found while trying to create mapping to " + userVM.getGuestIpAddress() + ":" + privatePort + "."); +// } +// } +// +// PortForwardingRuleVO newFwRule = new PortForwardingRuleVO(); +// newFwRule.setEnabled(true); +// newFwRule.setForwarding(true); +// newFwRule.setPrivatePort(privatePort); +// newFwRule.setProtocol(protocol); +// newFwRule.setPublicPort(publicPort); +// newFwRule.setPublicIpAddress(ipAddress.getAddress()); +// newFwRule.setPrivateIpAddress(userVM.getGuestIpAddress()); +// // newFwRule.setGroupId(securityGroupId); +// newFwRule.setGroupId(null); +// +// // In 1.0 the rules were always persisted when a user created a rule. When the rules get sent down +// // the stopOnError parameter is set to false, so the agent will apply all rules that it can. That +// // behavior is preserved here by persisting the rule before sending it to the agent. +// _rulesDao.persist(newFwRule); +// +// boolean success = updateFirewallRule(newFwRule, null, null); +// +// // Save and create the event +// String description; +// String ruleName = "ip forwarding"; +// String level = EventVO.LEVEL_INFO; +// +// if (success == true) { +// description = "created new " + ruleName + " rule [" + newFwRule.getSourceIpAddress() + ":" + newFwRule.getSourcePort() + "]->[" +// + newFwRule.getDestinationIpAddress() + ":" + newFwRule.getDestinationPort() + "]" + " " + newFwRule.getProtocol(); +// } else { +// level = EventVO.LEVEL_ERROR; +// description = "failed to create new " + ruleName + " rule [" + newFwRule.getSourceIpAddress() + ":" + newFwRule.getSourcePort() + "]->[" +// + newFwRule.getDestinationIpAddress() + ":" + newFwRule.getDestinationPort() + "]" + " " + newFwRule.getProtocol(); +// } +// +// EventUtils.saveEvent(UserContext.current().getUserId(), userVM.getAccountId(), level, EventTypes.EVENT_NET_RULE_ADD, description); +// +// return newFwRule; +// } +// +// @Override +// public List listPortForwardingRules(ListPortForwardingRulesCmd cmd) throws InvalidParameterValueException, PermissionDeniedException { +// String ipAddress = cmd.getIpAddress(); +// Account account = UserContext.current().getAccount(); +// +// IPAddressVO ipAddressVO = _ipAddressDao.findById(ipAddress); +// if (ipAddressVO == null) { +// throw new InvalidParameterValueException("Unable to find IP address " + ipAddress); +// } +// +// Account addrOwner = _accountDao.findById(ipAddressVO.getAccountId()); +// +// // if an admin account was passed in, or no account was passed in, make sure we honor the accountName/domainId parameters +// if ((account != null) && isAdmin(account.getType())) { +// if (ipAddressVO.getAccountId() != null) { +// if ((addrOwner != null) && !_domainDao.isChildDomain(account.getDomainId(), addrOwner.getDomainId())) { +// throw new PermissionDeniedException("Unable to list port forwarding rules for address " + ipAddress + ", permission denied for account " + account.getId()); +// } +// } +// } else { +// if (account != null) { +// if ((ipAddressVO.getAccountId() == null) || (account.getId() != ipAddressVO.getAccountId().longValue())) { +// throw new PermissionDeniedException("Unable to list port forwarding rules for address " + ipAddress + ", permission denied for account " + account.getId()); +// } +// } +// } +// +// return _rulesDao.listIPForwarding(cmd.getIpAddress(), true); +// } + +// @Override @DB +// public boolean deletePortForwardingRule(Long id, boolean sysContext) { +// Long ruleId = id; +// Long userId = null; +// Account account = null; +// if(sysContext){ +// userId = User.UID_SYSTEM; +// account = _accountDao.findById(User.UID_SYSTEM); +// }else{ +// userId = UserContext.current().getUserId(); +// account = UserContext.current().getAccount(); +// } +// +// +// //verify input parameters here +// PortForwardingRuleVO rule = _firewallRulesDao.findById(ruleId); +// if (rule == null) { +// throw new InvalidParameterValueException("Unable to find port forwarding rule " + ruleId); +// } +// +// String publicIp = rule.getSourceIpAddress(); +// String privateIp = rule.getDestinationIpAddress(); +// +// IPAddressVO ipAddress = _ipAddressDao.findById(publicIp); +// if (ipAddress == null) { +// throw new InvalidParameterValueException("Unable to find IP address for port forwarding rule " + ruleId); +// } +// +// // although we are not writing these values to the DB, we will check +// // them out of an abundance +// // of caution (may not be warranted) +// String privatePort = rule.getDestinationPort(); +// String publicPort = rule.getSourcePort(); +// if (!NetUtils.isValidPort(publicPort) || !NetUtils.isValidPort(privatePort)) { +// throw new InvalidParameterValueException("Invalid value for port"); +// } +// +// String proto = rule.getProtocol(); +// if (!NetUtils.isValidProto(proto)) { +// throw new InvalidParameterValueException("Invalid protocol"); +// } +// +// Account ruleOwner = _accountDao.findById(ipAddress.getAccountId()); +// if (ruleOwner == null) { +// throw new InvalidParameterValueException("Unable to find owning account for port forwarding rule " + ruleId); +// } +// +// // if an admin account was passed in, or no account was passed in, make sure we honor the accountName/domainId parameters +// if (account != null) { +// if (isAdmin(account.getType())) { +// if (!_domainDao.isChildDomain(account.getDomainId(), ruleOwner.getDomainId())) { +// throw new PermissionDeniedException("Unable to delete port forwarding rule " + ruleId + ", permission denied."); +// } +// } else if (account.getId() != ruleOwner.getId()) { +// throw new PermissionDeniedException("Unable to delete port forwarding rule " + ruleId + ", permission denied."); +// } +// } +// +// Transaction txn = Transaction.currentTxn(); +// boolean locked = false; +// boolean success = false; +// try { +// +// IPAddressVO ipVO = _ipAddressDao.acquireInLockTable(publicIp); +// if (ipVO == null) { +// // throw this exception because hackers can use the api to probe for allocated ips +// throw new PermissionDeniedException("User does not own supplied address"); +// } +// +// locked = true; +// txn.start(); +// List fwdings = _firewallRulesDao.listIPForwardingForUpdate(publicIp, publicPort, proto); +// PortForwardingRuleVO fwRule = null; +// if (fwdings.size() == 0) { +// throw new InvalidParameterValueException("No such rule"); +// } else if (fwdings.size() == 1) { +// fwRule = fwdings.get(0); +// if (fwRule.getDestinationIpAddress().equalsIgnoreCase(privateIp) && fwRule.getDestinationPort().equals(privatePort)) { +// _firewallRulesDao.expunge(fwRule.getId()); +// } else { +// throw new InvalidParameterValueException("No such rule"); +// } +// } else { +// throw new CloudRuntimeException("Multiple matches. Please contact support"); +// } +// fwRule.setEnabled(false); +// success = updateFirewallRule(fwRule, null, null); +// +// String description; +// String type = EventTypes.EVENT_NET_RULE_DELETE; +// String level = EventVO.LEVEL_INFO; +// String ruleName = rule.isForwarding() ? "ip forwarding" : "load balancer"; +// +// if (success) { +// description = "deleted " + ruleName + " rule [" + publicIp + ":" + rule.getSourcePort() + "]->[" + rule.getDestinationIpAddress() + ":" +// + rule.getDestinationPort() + "] " + rule.getProtocol(); +// } else { +// level = EventVO.LEVEL_ERROR; +// description = "Error while deleting " + ruleName + " rule [" + publicIp + ":" + rule.getSourcePort() + "]->[" + rule.getDestinationIpAddress() + ":" +// + rule.getDestinationPort() + "] " + rule.getProtocol(); +// } +// EventUtils.saveEvent(userId, ipAddress.getAccountId(), level, type, description); +// txn.commit(); +// }catch (Exception ex) { +// txn.rollback(); +// s_logger.error("Unexpected exception deleting port forwarding rule " + ruleId, ex); +// return false; +// }finally { +// if (locked) { +// _ipAddressDao.releaseFromLockTable(publicIp); +// } +// txn.close(); +// } +// return success; +// } +// @Override @DB +// public PortForwardingRule createIpForwardingRuleOnDomr(long ruleId) { +// Transaction txn = Transaction.currentTxn(); +// txn.start(); +// boolean success = false; +// PortForwardingRuleVO rule = null; +// IPAddressVO ipAddress = null; +// boolean locked = false; +// try { +// //get the rule +// rule = _rulesDao.findById(ruleId); +// +// if(rule == null){ +// throw new PermissionDeniedException("Cannot create ip forwarding rule in db"); +// } +// +// //get ip address +// ipAddress = _ipAddressDao.findById(rule.getSourceIpAddress()); +// if (ipAddress == null) { +// throw new InvalidParameterValueException("Unable to create ip forwarding rule on address " + ipAddress + ", invalid IP address specified."); +// } +// +// //sync point +// ipAddress = _ipAddressDao.acquireInLockTable(ipAddress.getAddress()); +// +// if(ipAddress == null){ +// s_logger.warn("Unable to acquire lock on ipAddress for creating 1-1 NAT rule"); +// return rule; +// }else{ +// locked = true; +// } +// +// //get the domain router object +// DomainRouterVO router = _routerMgr.getRouter(ipAddress.getAccountId(), ipAddress.getDataCenterId()); +// success = createOrDeleteIpForwardingRuleOnDomr(rule,router,rule.getDestinationIpAddress(),true); //true +> create +// +// if(!success){ +// //corner case; delete record from db as domR rule creation failed +// _rulesDao.remove(ruleId); +// throw new PermissionDeniedException("Cannot create ip forwarding rule on domr, hence deleting created record in db"); +// } +// +// //update the user_ip_address record +// ipAddress.setOneToOneNat(true); +// _ipAddressDao.update(ipAddress.getAddress(),ipAddress); +// +// // Save and create the event +// String description; +// String ruleName = "ip forwarding"; +// String level = EventVO.LEVEL_INFO; +// +// description = "created new " + ruleName + " rule [" + rule.getSourceIpAddress() + "]->[" +// + rule.getDestinationIpAddress() + "]" + ":" + rule.getProtocol(); +// +// EventUtils.saveEvent(UserContext.current().getUserId(), ipAddress.getAccountId(), level, EventTypes.EVENT_NET_RULE_ADD, description); +// txn.commit(); +// } catch (Exception e) { +// txn.rollback(); +// throw new ServerApiException(BaseCmd.INTERNAL_ERROR, e.getMessage()); +// }finally{ +// if(locked){ +// _ipAddressDao.releaseFromLockTable(ipAddress.getAddress()); +// } +// } +// return rule; +// } +// +// @Override @DB +// public PortForwardingRule createIpForwardingRuleInDb(String ipAddr, long virtualMachineId) { +// +// Transaction txn = Transaction.currentTxn(); +// txn.start(); +// UserVmVO userVM = null; +// PortForwardingRuleVO newFwRule = null; +// boolean locked = false; +// try { +// // validate IP Address exists +// IPAddressVO ipAddress = _ipAddressDao.findById(ipAddr); +// if (ipAddress == null) { +// throw new InvalidParameterValueException("Unable to create ip forwarding rule on address " + ipAddress + ", invalid IP address specified."); +// } +// +// // validate user VM exists +// userVM = _vmDao.findById(virtualMachineId); +// if (userVM == null) { +// throw new InvalidParameterValueException("Unable to create ip forwarding rule on address " + ipAddress + ", invalid virtual machine id specified (" + virtualMachineId + ")."); +// } +// +// //sync point; cannot lock on rule ; hence sync on vm +// userVM = _vmDao.acquireInLockTable(userVM.getId()); +// +// if(userVM == null){ +// s_logger.warn("Unable to acquire lock on user vm for creating 1-1 NAT rule"); +// return newFwRule; +// }else{ +// locked = true; +// } +// +// // validate that IP address and userVM belong to the same account +// if ((ipAddress.getAccountId() == null) || (ipAddress.getAccountId().longValue() != userVM.getAccountId())) { +// throw new InvalidParameterValueException("Unable to create ip forwarding rule, IP address " + ipAddress + " owner is not the same as owner of virtual machine " + userVM.toString()); +// } +// +// // validate that userVM is in the same availability zone as the IP address +// if (ipAddress.getDataCenterId() != userVM.getDataCenterId()) { +// throw new InvalidParameterValueException("Unable to create ip forwarding rule, IP address " + ipAddress + " is not in the same availability zone as virtual machine " + userVM.toString()); +// } +// +// // if an admin account was passed in, or no account was passed in, make sure we honor the accountName/domainId parameters +// Account account = UserContext.current().getAccount(); +// if (account != null) { +// if ((account.getType() == Account.ACCOUNT_TYPE_ADMIN) || (account.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN)) { +// if (!_domainDao.isChildDomain(account.getDomainId(), userVM.getDomainId())) { +// throw new PermissionDeniedException("Unable to create ip forwarding rule, IP address " + ipAddress + " to virtual machine " + virtualMachineId + ", permission denied."); +// } +// } else if (account.getId() != userVM.getAccountId()) { +// throw new PermissionDeniedException("Unable to create ip forwarding rule, IP address " + ipAddress + " to virtual machine " + virtualMachineId + ", permission denied."); +// } +// } +// +// // check for ip address/port conflicts by checking existing forwarding and load balancing rules +// List existingNatRules = _rulesDao.findByPublicIpPrivateIpForNatRule(ipAddr, userVM.getGuestIpAddress()); +// +// if(existingNatRules.size() > 0){ +// throw new NetworkRuleConflictException("The specified rule for public ip:"+ipAddr+" vm id:"+virtualMachineId+" already exists"); +// } +// +// //if given ip address is already source nat, return error +// if(ipAddress.isSourceNat()){ +// throw new PermissionDeniedException("Cannot create a static nat rule for the ip:"+ipAddress.getAddress()+" ,this is already a source nat ip address"); +// } +// +// //if given ip address is already static nat, return error +// if(ipAddress.isOneToOneNat()){ +// throw new PermissionDeniedException("Cannot create a static nat rule for the ip:"+ipAddress.getAddress()+" ,this is already a static nat ip address"); +// } +// +// newFwRule = new PortForwardingRuleVO(); +// newFwRule.setEnabled(true); +// newFwRule.setForwarding(true); +// newFwRule.setPrivatePort(null); +// newFwRule.setProtocol(NetUtils.NAT_PROTO);//protocol cannot be null; adding this as a NAT +// newFwRule.setPublicPort(null); +// newFwRule.setPublicIpAddress(ipAddress.getAddress()); +// newFwRule.setPrivateIpAddress(userVM.getGuestIpAddress()); +// newFwRule.setGroupId(null); +// +// _rulesDao.persist(newFwRule); +// txn.commit(); +// } catch (Exception e) { +// s_logger.warn("Unable to create new firewall rule for 1:1 NAT"); +// txn.rollback(); +// throw new ServerApiException(BaseCmd.INTERNAL_ERROR,"Unable to create new firewall rule for 1:1 NAT:"+e.getMessage()); +// }finally{ +// if(locked) { +// _vmDao.releaseFromLockTable(userVM.getId()); +// } +// } +// +// return newFwRule; +// } +// +// @Override @DB +// public boolean deleteIpForwardingRule(Long id) { +// Long ruleId = id; +// Long userId = UserContext.current().getUserId(); +// Account account = UserContext.current().getAccount(); +// +// //verify input parameters here +// PortForwardingRuleVO rule = _firewallRulesDao.findById(ruleId); +// if (rule == null) { +// throw new InvalidParameterValueException("Unable to find port forwarding rule " + ruleId); +// } +// +// String publicIp = rule.getSourceIpAddress(); +// +// +// IPAddressVO ipAddress = _ipAddressDao.findById(publicIp); +// if (ipAddress == null) { +// throw new InvalidParameterValueException("Unable to find IP address for ip forwarding rule " + ruleId); +// } +// +// // although we are not writing these values to the DB, we will check +// // them out of an abundance +// // of caution (may not be warranted) +// +// Account ruleOwner = _accountDao.findById(ipAddress.getAccountId()); +// if (ruleOwner == null) { +// throw new InvalidParameterValueException("Unable to find owning account for ip forwarding rule " + ruleId); +// } +// +// // if an admin account was passed in, or no account was passed in, make sure we honor the accountName/domainId parameters +// if (account != null) { +// if (isAdmin(account.getType())) { +// if (!_domainDao.isChildDomain(account.getDomainId(), ruleOwner.getDomainId())) { +// throw new PermissionDeniedException("Unable to delete ip forwarding rule " + ruleId + ", permission denied."); +// } +// } else if (account.getId() != ruleOwner.getId()) { +// throw new PermissionDeniedException("Unable to delete ip forwarding rule " + ruleId + ", permission denied."); +// } +// } +// +// Transaction txn = Transaction.currentTxn(); +// boolean locked = false; +// boolean success = false; +// try { +// +// ipAddress = _ipAddressDao.acquireInLockTable(publicIp); +// if (ipAddress == null) { +// throw new PermissionDeniedException("Unable to obtain lock on record for deletion"); +// } +// +// locked = true; +// txn.start(); +// +// final DomainRouterVO router = _routerMgr.getRouter(ipAddress.getAccountId(), ipAddress.getDataCenterId()); +// success = createOrDeleteIpForwardingRuleOnDomr(rule, router, rule.getDestinationIpAddress(), false); +// _firewallRulesDao.remove(ruleId); +// +// //update the ip_address record +// ipAddress.setOneToOneNat(false); +// _ipAddressDao.persist(ipAddress); +// +// String description; +// String type = EventTypes.EVENT_NET_RULE_DELETE; +// String level = EventVO.LEVEL_INFO; +// String ruleName = rule.isForwarding() ? "ip forwarding" : "load balancer"; +// +// if (success) { +// description = "deleted " + ruleName + " rule [" + publicIp +"]->[" + rule.getDestinationIpAddress() + "] " + rule.getProtocol(); +// } else { +// level = EventVO.LEVEL_ERROR; +// description = "Error while deleting " + ruleName + " rule [" + publicIp + "]->[" + rule.getDestinationIpAddress() +"] " + rule.getProtocol(); +// } +// EventUtils.saveEvent(userId, ipAddress.getAccountId(), level, type, description); +// txn.commit(); +// }catch (Exception ex) { +// txn.rollback(); +// s_logger.error("Unexpected exception deleting port forwarding rule " + ruleId, ex); +// return false; +// }finally { +// if (locked) { +// _ipAddressDao.releaseFromLockTable(publicIp); +// } +// txn.close(); +// } +// return success; +// } +// +// private boolean createOrDeleteIpForwardingRuleOnDomr(PortForwardingRuleVO fwRule, DomainRouterVO router, String guestIp, boolean create){ +// +// Commands cmds = new Commands(OnError.Continue); +// final SetFirewallRuleCommand cmd = new SetFirewallRuleCommand(router.getInstanceName(), router.getPrivateIpAddress(),fwRule, create); +// cmds.addCommand(cmd); +// try { +// _agentMgr.send(router.getHostId(), cmds); +// } catch (final AgentUnavailableException e) { +// s_logger.warn("agent unavailable", e); +// } catch (final OperationTimedoutException e) { +// s_logger.warn("Timed Out", e); +// } +// Answer[] answers = cmds.getAnswers(); +// if (answers == null || answers[0].getResult() == false ){ +// return false; +// }else{ +// return true; +// } +// } +// @Override +// public PortForwardingRuleVO updatePortForwardingRule(UpdatePortForwardingRuleCmd cmd) throws InvalidParameterValueException, PermissionDeniedException{ +// String publicIp = cmd.getPublicIp(); +// String privateIp = cmd.getPrivateIp(); +// String privatePort = cmd.getPrivatePort(); +// String publicPort = cmd.getPublicPort(); +// String protocol = cmd.getProtocol(); +// Long vmId = cmd.getVirtualMachineId(); +// Long userId = UserContext.current().getUserId(); +// Account account = UserContext.current().getAccount(); +// UserVmVO userVM = null; +// +// if (userId == null) { +// userId = Long.valueOf(User.UID_SYSTEM); +// } +// +// IPAddressVO ipAddressVO = findIPAddressById(publicIp); +// if (ipAddressVO == null) { +// throw new InvalidParameterValueException("Unable to find IP address " + publicIp); +// } +// +// if (ipAddressVO.getAccountId() == null) { +// throw new InvalidParameterValueException("Unable to update port forwarding rule, owner of IP address " + publicIp + " not found."); +// } +// +// if (privateIp != null) { +// if (!NetUtils.isValidIp(privateIp)) { +// throw new InvalidParameterValueException("Invalid private IP address specified: " + privateIp); +// } +// Criteria c = new Criteria(); +// c.addCriteria(Criteria.ACCOUNTID, new Object[] {ipAddressVO.getAccountId()}); +// c.addCriteria(Criteria.DATACENTERID, ipAddressVO.getDataCenterId()); +// c.addCriteria(Criteria.IPADDRESS, privateIp); +// List userVMs = searchForUserVMs(c); +// if ((userVMs == null) || userVMs.isEmpty()) { +// throw new ServerApiException(BaseCmd.PARAM_ERROR, "Invalid private IP address specified: " + privateIp + ", no virtual machine instances running with that address."); +// } +// userVM = userVMs.get(0); +// } else if (vmId != null) { +// userVM = findUserVMInstanceById(vmId); +// if (userVM == null) { +// throw new InvalidParameterValueException("Unable to find virtual machine with id " + vmId); +// } +// +// if ((ipAddressVO.getAccountId() == null) || (ipAddressVO.getAccountId().longValue() != userVM.getAccountId())) { +// throw new PermissionDeniedException("Unable to update port forwarding rule on IP address " + publicIp + ", permission denied."); +// } +// +// if (ipAddressVO.getDataCenterId() != userVM.getDataCenterId()) { +// throw new PermissionDeniedException("Unable to update port forwarding rule, IP address " + publicIp + " is not in the same availability zone as virtual machine " + userVM.toString()); +// } +// +// privateIp = userVM.getGuestIpAddress(); +// } else { +// throw new InvalidParameterValueException("No private IP address (privateip) or virtual machine instance id (virtualmachineid) specified, unable to update port forwarding rule"); +// } +// +// // if an admin account was passed in, or no account was passed in, make sure we honor the accountName/domainId parameters +// if (account != null) { +// if (isAdmin(account.getType())) { +// if (!_domainDao.isChildDomain(account.getDomainId(), ipAddressVO.getDomainId())) { +// throw new PermissionDeniedException("Unable to update port forwarding rule on IP address " + publicIp + ", permission denied."); +// } +// } else if (account.getId() != ipAddressVO.getAccountId()) { +// throw new PermissionDeniedException("Unable to update port forwarding rule on IP address " + publicIp + ", permission denied."); +// } +// } +// +// List fwRules = _firewallRulesDao.listIPForwardingForUpdate(publicIp, publicPort, protocol); +// if ((fwRules != null) && (fwRules.size() == 1)) { +// PortForwardingRuleVO fwRule = fwRules.get(0); +// String oldPrivateIP = fwRule.getDestinationIpAddress(); +// String oldPrivatePort = fwRule.getDestinationPort(); +// fwRule.setPrivateIpAddress(privateIp); +// fwRule.setPrivatePort(privatePort); +// _firewallRulesDao.update(fwRule.getId(), fwRule); +// _networkMgr.updateFirewallRule(fwRule, oldPrivateIP, oldPrivatePort); +// return fwRule; +// }else{ +// s_logger.warn("Unable to find the rule to be updated for public ip:public port"+publicIp+":"+publicPort+ "private ip:private port:"+privateIp+":"+privatePort); +// throw new InvalidParameterValueException("Unable to find the rule to be updated for public ip:public port"+publicIp+":"+publicPort+ " private ip:private port:"+privateIp+":"+privatePort); +// } +// } +// +// @Override +// public PortForwardingRuleVO findForwardingRuleById(Long ruleId) { +// return _firewallRulesDao.findById(ruleId); +// } - @Override - public List updatePortForwardingRules(List fwRules, DomainRouterVO router, Long hostId) { - // TODO Auto-generated method stub - return null; - } - @Override - public boolean updateLoadBalancerRules(List fwRules, DomainRouterVO router, Long hostId) { - // TODO Auto-generated method stub - return false; - } - - @Override - public List updateFirewallRules(String publicIpAddress, List fwRules, DomainRouterVO router) { - // TODO Auto-generated method stub - return null; - } - - @Override - public FirewallRuleVO createPortForwardingRule(CreatePortForwardingRuleCmd cmd) throws NetworkRuleConflictException { - // TODO Auto-generated method stub - return null; - } - - @Override - public List listPortForwardingRules(ListPortForwardingRulesCmd cmd) { - // TODO Auto-generated method stub - return null; - } - - @Override - public LoadBalancerVO createLoadBalancerRule(CreateLoadBalancerRuleCmd cmd) { - // TODO Auto-generated method stub - return null; - } - - @Override - public boolean updateFirewallRule(FirewallRuleVO fwRule, String oldPrivateIP, String oldPrivatePort) { - // TODO Auto-generated method stub - return false; - } - - @Override - public boolean assignToLoadBalancer(AssignToLoadBalancerRuleCmd cmd) throws NetworkRuleConflictException { - // TODO Auto-generated method stub - return false; - } - - @Override - public boolean removeFromLoadBalancer(RemoveFromLoadBalancerRuleCmd cmd) { - // TODO Auto-generated method stub - return false; - } - - @Override - public boolean deleteLoadBalancerRule(DeleteLoadBalancerRuleCmd cmd) { - // TODO Auto-generated method stub - return false; - } - - @Override - public LoadBalancerVO updateLoadBalancerRule(UpdateLoadBalancerRuleCmd cmd) { - // TODO Auto-generated method stub - return null; - } - - @Override - public RemoteAccessVpnVO createRemoteAccessVpn(CreateRemoteAccessVpnCmd cmd) throws ConcurrentOperationException, InvalidParameterValueException, - PermissionDeniedException { - // TODO Auto-generated method stub - return null; - } - - @Override - public RemoteAccessVpnVO startRemoteAccessVpn(CreateRemoteAccessVpnCmd cmd) throws ConcurrentOperationException, ResourceUnavailableException { - // TODO Auto-generated method stub - return null; - } - - @Override - public boolean destroyRemoteAccessVpn(DeleteRemoteAccessVpnCmd cmd) throws ConcurrentOperationException { - // TODO Auto-generated method stub - return false; - } - - @Override - public VpnUserVO addVpnUser(AddVpnUserCmd cmd) throws ConcurrentOperationException { - // TODO Auto-generated method stub - return null; - } - - @Override - public boolean removeVpnUser(RemoveVpnUserCmd cmd) throws ConcurrentOperationException { - // TODO Auto-generated method stub - return false; - } - - @Override - public FirewallRuleVO createIpForwardingRuleInDb(String ipAddr, Long virtualMachineId) { - // TODO Auto-generated method stub - return null; - } - - @Override - public boolean deletePortForwardingRule(Long id, boolean sysContext) { - // TODO Auto-generated method stub - return false; - } - - @Override - public boolean deleteIpForwardingRule(Long id) { - // TODO Auto-generated method stub - return false; - } } diff --git a/server/src/com/cloud/network/rules/dao/PortForwardingRuleDaoImpl.java b/server/src/com/cloud/network/rules/dao/PortForwardingRuleDaoImpl.java new file mode 100644 index 00000000000..a4a45f8c0a5 --- /dev/null +++ b/server/src/com/cloud/network/rules/dao/PortForwardingRuleDaoImpl.java @@ -0,0 +1,57 @@ +/** + * Copyright (C) 2010 Cloud.com, Inc. All rights reserved. + * + * This software is licensed under the GNU General Public License v3 or later. + * + * It is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or any later version. + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + */ +package com.cloud.network.rules.dao; + +import java.util.List; + +import javax.ejb.Local; + +import com.cloud.network.rules.FirewallRule.State; +import com.cloud.network.rules.PortForwardingRuleVO; +import com.cloud.utils.db.GenericDaoBase; +import com.cloud.utils.db.SearchBuilder; +import com.cloud.utils.db.SearchCriteria; +import com.cloud.utils.db.SearchCriteria.Op; +import com.cloud.utils.net.Ip; + +@Local(value=PortForwardingRulesDao.class) +public class PortForwardingRuleDaoImpl extends GenericDaoBase implements PortForwardingRulesDao { + + protected final SearchBuilder AllFieldsSearch; + protected final SearchBuilder ApplicationSearch; + + protected PortForwardingRuleDaoImpl() { + super(); + AllFieldsSearch = createSearchBuilder(); + AllFieldsSearch.and("id", AllFieldsSearch.entity().getId(), Op.EQ); + AllFieldsSearch.done(); + + ApplicationSearch = createSearchBuilder(); + ApplicationSearch.and("ip", ApplicationSearch.entity().getSourceIpAddress(), Op.EQ); + ApplicationSearch.and("state", ApplicationSearch.entity().getState(), Op.NEQ); + } + + @Override + public List listForApplication(Ip ip) { + SearchCriteria sc = ApplicationSearch.create(); + sc.setParameters("ip", ip); + sc.setParameters("state", State.Staged); + + return listBy(sc, null); + } +} diff --git a/server/src/com/cloud/network/rules/dao/PortForwardingRulesDao.java b/server/src/com/cloud/network/rules/dao/PortForwardingRulesDao.java new file mode 100644 index 00000000000..9156eae8e54 --- /dev/null +++ b/server/src/com/cloud/network/rules/dao/PortForwardingRulesDao.java @@ -0,0 +1,28 @@ +/** + * Copyright (C) 2010 Cloud.com, Inc. All rights reserved. + * + * This software is licensed under the GNU General Public License v3 or later. + * + * It is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or any later version. + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + */ +package com.cloud.network.rules.dao; + +import java.util.List; + +import com.cloud.network.rules.PortForwardingRuleVO; +import com.cloud.utils.db.GenericDao; +import com.cloud.utils.net.Ip; + +public interface PortForwardingRulesDao extends GenericDao { + List listForApplication(Ip ip); +} diff --git a/server/src/com/cloud/server/ManagementServer.java b/server/src/com/cloud/server/ManagementServer.java index c5a0034b556..fbc22baeb30 100755 --- a/server/src/com/cloud/server/ManagementServer.java +++ b/server/src/com/cloud/server/ManagementServer.java @@ -34,9 +34,7 @@ import com.cloud.exception.InternalErrorException; import com.cloud.exception.InvalidParameterValueException; import com.cloud.host.HostVO; import com.cloud.info.ConsoleProxyInfo; -import com.cloud.network.FirewallRuleVO; import com.cloud.network.IPAddressVO; -import com.cloud.network.LoadBalancerVO; import com.cloud.network.security.NetworkGroupVO; import com.cloud.service.ServiceOfferingVO; import com.cloud.storage.DiskOfferingVO; @@ -331,13 +329,6 @@ public interface ManagementServer extends ManagementService { */ List searchForUserVMs(Criteria c); - /** - * Find a firewall rule by rule id - * @param ruleId - * @return - */ - FirewallRuleVO findForwardingRuleById(Long ruleId); - /** * Find an IP Address VO object by ip address string * @param ipAddress @@ -533,9 +524,6 @@ public interface ManagementServer extends ManagementService { AsyncJobVO findAsyncJobById(long jobId); - LoadBalancerVO findLoadBalancer(Long accountId, String name); - LoadBalancerVO findLoadBalancerById(long loadBalancerId); - String[] getApiConfig(); StoragePoolVO findPoolById(Long id); List searchForStoragePools(Criteria c); diff --git a/server/src/com/cloud/server/ManagementServerImpl.java b/server/src/com/cloud/server/ManagementServerImpl.java index 573153e2b2f..11b1c51c97b 100755 --- a/server/src/com/cloud/server/ManagementServerImpl.java +++ b/server/src/com/cloud/server/ManagementServerImpl.java @@ -97,10 +97,7 @@ import com.cloud.api.commands.ListGuestOsCategoriesCmd; import com.cloud.api.commands.ListGuestOsCmd; import com.cloud.api.commands.ListHostsCmd; import com.cloud.api.commands.ListHypervisorsCmd; -import com.cloud.api.commands.ListIpForwardingRulesCmd; import com.cloud.api.commands.ListIsosCmd; -import com.cloud.api.commands.ListLoadBalancerRuleInstancesCmd; -import com.cloud.api.commands.ListLoadBalancerRulesCmd; import com.cloud.api.commands.ListPodsByCmd; import com.cloud.api.commands.ListPreallocatedLunsCmd; import com.cloud.api.commands.ListPublicIpAddressesCmd; @@ -126,7 +123,6 @@ import com.cloud.api.commands.StopSystemVmCmd; import com.cloud.api.commands.UpdateDomainCmd; import com.cloud.api.commands.UpdateIsoCmd; import com.cloud.api.commands.UpdateIsoPermissionsCmd; -import com.cloud.api.commands.UpdatePortForwardingRuleCmd; import com.cloud.api.commands.UpdateTemplateCmd; import com.cloud.api.commands.UpdateTemplateOrIsoCmd; import com.cloud.api.commands.UpdateTemplateOrIsoPermissionsCmd; @@ -192,17 +188,11 @@ import com.cloud.host.Status; import com.cloud.host.dao.HostDao; import com.cloud.hypervisor.Hypervisor.HypervisorType; import com.cloud.info.ConsoleProxyInfo; -import com.cloud.network.FirewallRuleVO; import com.cloud.network.IPAddressVO; -import com.cloud.network.LoadBalancerVMMapVO; -import com.cloud.network.LoadBalancerVO; import com.cloud.network.NetworkManager; import com.cloud.network.RemoteAccessVpnVO; import com.cloud.network.VpnUserVO; -import com.cloud.network.dao.FirewallRulesDao; import com.cloud.network.dao.IPAddressDao; -import com.cloud.network.dao.LoadBalancerDao; -import com.cloud.network.dao.LoadBalancerVMMapDao; import com.cloud.network.dao.RemoteAccessVpnDao; import com.cloud.network.dao.VpnUserDao; import com.cloud.network.security.NetworkGroupManager; @@ -305,12 +295,9 @@ public class ManagementServerImpl implements ManagementServer { private final AccountManager _accountMgr; private final AgentManager _agentMgr; private final ConfigurationManager _configMgr; - private final FirewallRulesDao _firewallRulesDao; private final NetworkGroupDao _networkSecurityGroupDao; - private final LoadBalancerDao _loadBalancerDao; private final IPAddressDao _publicIpAddressDao; private final DataCenterIpAddressDao _privateIpAddressDao; - private final LoadBalancerVMMapDao _loadBalancerVMMapDao; private final DomainRouterDao _routerDao; private final ConsoleProxyDao _consoleProxyDao; private final ClusterDao _clusterDao; @@ -413,12 +400,9 @@ public class ManagementServerImpl implements ManagementServer { _consoleProxyMgr = locator.getManager(ConsoleProxyManager.class); _secStorageVmMgr = locator.getManager(SecondaryStorageVmManager.class); _storageMgr = locator.getManager(StorageManager.class); - _firewallRulesDao = locator.getDao(FirewallRulesDao.class); _networkSecurityGroupDao = locator.getDao(NetworkGroupDao.class); - _loadBalancerDao = locator.getDao(LoadBalancerDao.class); _publicIpAddressDao = locator.getDao(IPAddressDao.class); _privateIpAddressDao = locator.getDao(DataCenterIpAddressDao.class); - _loadBalancerVMMapDao = locator.getDao(LoadBalancerVMMapDao.class); _consoleProxyDao = locator.getDao(ConsoleProxyDao.class); _secStorageVmDao = locator.getDao(SecondaryStorageVmDao.class); _userDao = locator.getDao(UserDao.class); @@ -775,24 +759,29 @@ public class ManagementServerImpl implements ManagementServer { public List listPublicIpAddressesBy(Long accountId, boolean allocatedOnly, Long zoneId, Long vlanDbId) { SearchCriteria sc = _publicIpAddressDao.createSearchCriteria(); - if (accountId != null) + if (accountId != null) { sc.addAnd("accountId", SearchCriteria.Op.EQ, accountId); - if (zoneId != null) + } + if (zoneId != null) { sc.addAnd("dataCenterId", SearchCriteria.Op.EQ, zoneId); - if (vlanDbId != null) + } + if (vlanDbId != null) { sc.addAnd("vlanDbId", SearchCriteria.Op.EQ, vlanDbId); - if (allocatedOnly) + } + if (allocatedOnly) { sc.addAnd("allocated", SearchCriteria.Op.NNULL); + } return _publicIpAddressDao.search(sc, null); } @Override public List listPrivateIpAddressesBy(Long podId, Long zoneId) { - if (podId != null && zoneId != null) + if (podId != null && zoneId != null) { return _privateIpAddressDao.listByPodIdDcId(podId.longValue(), zoneId.longValue()); - else + } else { return new ArrayList(); + } } @Override @@ -914,8 +903,9 @@ public class ManagementServerImpl implements ManagementServer { if (asyncExecutor != null) { AsyncJobVO job = asyncExecutor.getJob(); - if (s_logger.isInfoEnabled()) + if (s_logger.isInfoEnabled()) { s_logger.info("DeployVM acquired a new instance " + vmId + ", update async job-" + job.getId() + " progress status"); + } _asyncMgr.updateAsyncJobAttachment(job.getId(), "vm_instance", vmId); _asyncMgr.updateAsyncJobStatus(job.getId(), BaseCmd.PROGRESS_INSTANCE_CREATED, vmId); @@ -1299,33 +1289,39 @@ public class ManagementServerImpl implements ManagementServer { try { return deployVirtualMachineImpl(userId, accountId, dataCenterId, serviceOfferingId, template, diskOfferingId, domain, password, displayName, group, userData, networkGroups, eventId, (1L*size*1024));//this api expects size in MB } catch (ResourceAllocationException e) { - if(s_logger.isDebugEnabled()) + if(s_logger.isDebugEnabled()) { s_logger.debug("Unable to deploy VM: " + e.getMessage()); + } EventUtils.saveEvent(userId, accountId, EventVO.LEVEL_ERROR, EventTypes.EVENT_VM_CREATE, "Unable to deploy VM: VM_INSUFFICIENT_CAPACITY", null, eventId); throw e; } catch (ExecutionException e) { - if(s_logger.isDebugEnabled()) + if(s_logger.isDebugEnabled()) { s_logger.debug("Unable to deploy VM: " + e.getMessage()); + } EventUtils.saveEvent(userId, accountId, EventVO.LEVEL_ERROR, EventTypes.EVENT_VM_CREATE, "Unable to deploy VM: VM_HOST_LICENSE_EXPIRED", null, eventId); throw e; } catch (InvalidParameterValueException e) { - if(s_logger.isDebugEnabled()) + if(s_logger.isDebugEnabled()) { s_logger.debug("Unable to deploy VM: " + e.getMessage()); + } EventUtils.saveEvent(userId, accountId, EventVO.LEVEL_ERROR, EventTypes.EVENT_VM_CREATE, "Unable to deploy VM: VM_INVALID_PARAM_ERROR", null, eventId); throw e; } catch (InsufficientStorageCapacityException e) { - if(s_logger.isDebugEnabled()) + if(s_logger.isDebugEnabled()) { s_logger.debug("Unable to deploy VM: " + e.getMessage()); + } EventUtils.saveEvent(userId, accountId, EventVO.LEVEL_ERROR, EventTypes.EVENT_VM_CREATE, "Unable to deploy VM: VM_INSUFFICIENT_CAPACITY", null, eventId); throw e; } catch (PermissionDeniedException e) { - if(s_logger.isDebugEnabled()) + if(s_logger.isDebugEnabled()) { s_logger.debug("Unable to deploy VM: " + e.getMessage()); + } EventUtils.saveEvent(userId, accountId, EventVO.LEVEL_ERROR, EventTypes.EVENT_VM_CREATE, "Unable to deploy VM: ACCOUNT_ERROR", null, eventId); throw e; } catch (ConcurrentOperationException e) { - if(s_logger.isDebugEnabled()) + if(s_logger.isDebugEnabled()) { s_logger.debug("Unable to deploy VM: " + e.getMessage()); + } EventUtils.saveEvent(userId, accountId, EventVO.LEVEL_ERROR, EventTypes.EVENT_VM_CREATE, "Unable to deploy VM: INTERNAL_ERROR", null, eventId); throw e; } catch(Exception e) { @@ -1363,10 +1359,11 @@ public class ManagementServerImpl implements ManagementServer { { while(true){ dcs.addAll(_dcDao.findZonesByDomainId(domainRecord.getId())); - if(domainRecord.getParent() != null) - domainRecord = _domainDao.findById(domainRecord.getParent()); - else - break; + if(domainRecord.getParent() != null) { + domainRecord = _domainDao.findById(domainRecord.getParent()); + } else { + break; + } } } //add all public zones too @@ -1381,10 +1378,11 @@ public class ManagementServerImpl implements ManagementServer { DomainVO localRecord = domainRecord; while(true){ dcs.addAll(_dcDao.findZonesByDomainId(localRecord.getId())); - if(localRecord.getParent() != null) - localRecord = _domainDao.findById(localRecord.getParent()); - else - break; + if(localRecord.getParent() != null) { + localRecord = _domainDao.findById(localRecord.getParent()); + } else { + break; + } } } //this covers till leaf @@ -1419,8 +1417,9 @@ public class ManagementServerImpl implements ManagementServer { break; } } - if (!found) + if (!found) { iter.remove(); + } } } } @@ -1607,20 +1606,24 @@ public class ManagementServerImpl implements ManagementServer { private boolean isPermissible(Long accountDomainId, Long offeringDomainId){ if(accountDomainId == offeringDomainId) - return true; // account and service offering in same domain + { + return true; // account and service offering in same domain + } DomainVO domainRecord = _domainDao.findById(accountDomainId); if(domainRecord != null){ while(true){ - if(domainRecord.getId() == offeringDomainId) - return true; + if(domainRecord.getId() == offeringDomainId) { + return true; + } //try and move on to the next domain - if(domainRecord.getParent() != null) - domainRecord = _domainDao.findById(domainRecord.getParent()); - else - break; + if(domainRecord.getParent() != null) { + domainRecord = _domainDao.findById(domainRecord.getParent()); + } else { + break; + } } } @@ -1762,10 +1765,12 @@ public class ManagementServerImpl implements ManagementServer { sol.addAll(_offeringsDao.search(sc, searchFilter)); //try and move on to the next domain - if(domainRecord.getParent() != null) - domainRecord = _domainDao.findById(domainRecord.getParent()); - else - break;//now we got all the offerings for this user/dom adm + if(domainRecord.getParent() != null) { + domainRecord = _domainDao.findById(domainRecord.getParent()); + } + else { + break;//now we got all the offerings for this user/dom adm + } } }else{ s_logger.error("Could not find the domainId for account:"+account.getAccountName()); @@ -1773,8 +1778,9 @@ public class ManagementServerImpl implements ManagementServer { } //add all the public offerings to the sol list before returning - if(includePublicOfferings) - sol.addAll(_offeringsDao.findPublicServiceOfferings()); + if(includePublicOfferings) { + sol.addAll(_offeringsDao.findPublicServiceOfferings()); + } return sol; } @@ -2235,8 +2241,9 @@ public class ManagementServerImpl implements ManagementServer { @Override public Account findAccountByName(String accountName, Long domainId) { - if (domainId == null) + if (domainId == null) { domainId = DomainVO.ROOT_DOMAIN; + } return _accountDao.findAccount(accountName, domainId); } @@ -2347,8 +2354,9 @@ public class ManagementServerImpl implements ManagementServer { @Override public boolean deleteLimit(Long limitId) { // A limit ID must be passed in - if (limitId == null) + if (limitId == null) { return false; + } return _resourceLimitDao.expunge(limitId); } @@ -2538,140 +2546,7 @@ public class ManagementServerImpl implements ManagementServer { public VMTemplateVO findTemplateById(long templateId) { return _templateDao.findById(templateId); } - - @Override - public List searchForIpForwardingRules(ListIpForwardingRulesCmd cmd){ - //Note:: - //The following was decided after discussing with Will - //ListIpForwardingRules with no params lists the rules for that user ; with a listAll() for admin - //ListIpForwardingRules with accountName and domainId lists the rule for that account (provided the executing user has the right perms) - //ListIpForwardingRules with ipAddress lists the rule for that ip address (provided the executing user has the right perms) - - String ipAddress = cmd.getPublicIpAddress(); - String accountName = cmd.getAccountName(); - Long domainId = cmd.getDomainId(); - Account account = null; - - if((accountName != null && domainId == null) || (accountName == null && domainId != null)){ - throw new ServerApiException(BaseCmd.PARAM_ERROR, "Account name and domain id both have to be passed as a tuple"); - } - - if(accountName != null && domainId != null && ipAddress != null){ - throw new ServerApiException(BaseCmd.PARAM_ERROR, "Either Account name and domain id both have to be passed as a tuple; or the ip address has to be passed whilst searching"); - } - - //account and domainId both provided case - if(accountName != null && domainId != null){ - account = _accountDao.findAccount(accountName, domainId); - if(account == null) - throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "Specified account for domainId:"+domainId+" account name:"+accountName+" doesn't exist"); - else{ - //get the ctxaccount to see if he has permissions - Account ctxAccount = UserContext.current().getAccount(); - - if(!isChildDomain(ctxAccount.getDomainId(), account.getDomainId())){ - throw new PermissionDeniedException("Unable to list ip forwarding rules for address " + ipAddress + ", permission denied for the executing account: " + ctxAccount.getId()+" to view rules for account: "+account.getId()); - } - - Filter searchFilter = new Filter(FirewallRuleVO.class, "id", true, cmd.getStartIndex(), cmd.getPageSizeVal()); - SearchBuilder sb = _firewallRulesDao.createSearchBuilder(); - - SearchBuilder sb1 = _publicIpAddressDao.createSearchBuilder(); - sb1.and("accountId", sb1.entity().getAccountId(), SearchCriteria.Op.EQ); - sb1.and("oneToOneNat", sb1.entity().isOneToOneNat(), SearchCriteria.Op.EQ); - sb.join("sb1", sb1, sb.entity().getPublicIpAddress(),sb1.entity().getAddress(), JoinBuilder.JoinType.INNER); - - SearchCriteria sc = sb.create(); - sc.setJoinParameters("sb1","oneToOneNat", new Long(1)); - sc.setJoinParameters("sb1", "accountId", account.getId()); - - return _firewallRulesDao.search(sc, searchFilter); - } - } - if(account == null){ - account = UserContext.current().getAccount();//use user context - } - - if(account == null || account.getType() == Account.ACCOUNT_TYPE_ADMIN){ - return searchIpForwardingRulesInternal(ipAddress, cmd, null, Account.ACCOUNT_TYPE_ADMIN); - } - - if((account.getType() == Account.ACCOUNT_TYPE_DOMAIN_ADMIN)){ - if(ipAddress != null){ - IPAddressVO ipAddressVO = _publicIpAddressDao.findById(ipAddress); - if (ipAddressVO == null) { - throw new InvalidParameterValueException("Unable to find IP address " + ipAddress); - }else{ - //check permissions - Account addrOwner = _accountDao.findById(ipAddressVO.getAccountId()); - if ((addrOwner != null) && !_domainDao.isChildDomain(account.getDomainId(), addrOwner.getDomainId())) { - throw new PermissionDeniedException("Unable to list ip forwarding rule for address " + ipAddress + ", permission denied for account " + account.getId()); - }else{ - return searchIpForwardingRulesInternal(ipAddress, cmd, null, Account.ACCOUNT_TYPE_DOMAIN_ADMIN); - } - } - }else{ - //need to list all rules visible to the domain admin - //join with the ip_address table where account_id = user's account id - return searchIpForwardingRulesInternal(ipAddress, cmd, account.getId(), Account.ACCOUNT_TYPE_DOMAIN_ADMIN); - } - } - - if(account.getType() == Account.ACCOUNT_TYPE_NORMAL){ - if(ipAddress != null){ - IPAddressVO ipAddressVO = _publicIpAddressDao.findById(ipAddress); - if (ipAddressVO == null) { - throw new InvalidParameterValueException("Unable to find IP address " + ipAddress); - }else{ - //check permissions - if ((ipAddressVO.getAccountId() == null) || (account.getId() != ipAddressVO.getAccountId().longValue())) { - throw new PermissionDeniedException("Unable to list ip forwarding rule for address " + ipAddress + ", permission denied for account " + account.getId()); - }else{ - return searchIpForwardingRulesInternal(ipAddress, cmd, null, Account.ACCOUNT_TYPE_NORMAL); - } - } - }else{ - //need to list all rules visible to the user - //join with the ip_address table where account_id = user's account id - return searchIpForwardingRulesInternal(ipAddress, cmd, account.getId(), Account.ACCOUNT_TYPE_NORMAL); - } - } - - return new ArrayList(); - } - - private List searchIpForwardingRulesInternal(String ipAddress, ListIpForwardingRulesCmd cmd, Long accountId, short accountType){ - Filter searchFilter = new Filter(FirewallRuleVO.class, "id", true, cmd.getStartIndex(), cmd.getPageSizeVal()); - if(accountId == null){ - SearchCriteria sc = _firewallRulesDao.createSearchCriteria(); - if (ipAddress != null) { - sc.addAnd("publicIpAddress", SearchCriteria.Op.EQ, ipAddress); - } - //search for rules with protocol = nat - sc.addAnd("protocol", SearchCriteria.Op.EQ, NetUtils.NAT_PROTO); - return _firewallRulesDao.search(sc, searchFilter); - - }else{ - //accountId and accountType both given - if((accountType == Account.ACCOUNT_TYPE_NORMAL) || (accountType == Account.ACCOUNT_TYPE_DOMAIN_ADMIN)){ - SearchBuilder sb = _firewallRulesDao.createSearchBuilder(); - - SearchBuilder sb1 = _publicIpAddressDao.createSearchBuilder(); - sb1.and("accountId", sb1.entity().getAccountId(), SearchCriteria.Op.EQ); - sb1.and("oneToOneNat", sb1.entity().isOneToOneNat(), SearchCriteria.Op.EQ); - sb.join("sb1", sb1, sb.entity().getPublicIpAddress(),sb1.entity().getAddress(), JoinBuilder.JoinType.INNER); - - SearchCriteria sc = sb.create(); - sc.setJoinParameters("sb1","oneToOneNat", new Long(1)); - sc.setJoinParameters("sb1", "accountId", accountId); - - return _firewallRulesDao.search(sc, searchFilter); - } - } - - return new ArrayList(); - } @Override public List searchForUserVMs(ListVMsCmd cmd) throws InvalidParameterValueException, PermissionDeniedException { @@ -2862,14 +2737,16 @@ public class ManagementServerImpl implements ManagementServer { if (zone != null) { sc.setParameters("dataCenterId", zone); - if(state == null) - sc.setParameters("stateNEQ", "Destroyed"); + if(state == null) { + sc.setParameters("stateNEQ", "Destroyed"); + } } if (pod != null) { sc.setParameters("podId", pod); - if(state == null) - sc.setParameters("stateNEQ", "Destroyed"); + if(state == null) { + sc.setParameters("stateNEQ", "Destroyed"); + } } if (hostId != null) { @@ -2897,95 +2774,6 @@ public class ManagementServerImpl implements ManagementServer { return _userVmDao.search(sc, searchFilter); } - @Override - public FirewallRuleVO updatePortForwardingRule(UpdatePortForwardingRuleCmd cmd) throws InvalidParameterValueException, PermissionDeniedException{ - String publicIp = cmd.getPublicIp(); - String privateIp = cmd.getPrivateIp(); - String privatePort = cmd.getPrivatePort(); - String publicPort = cmd.getPublicPort(); - String protocol = cmd.getProtocol(); - Long vmId = cmd.getVirtualMachineId(); - Long userId = UserContext.current().getUserId(); - Account account = UserContext.current().getAccount(); - UserVmVO userVM = null; - - if (userId == null) { - userId = Long.valueOf(User.UID_SYSTEM); - } - - IPAddressVO ipAddressVO = findIPAddressById(publicIp); - if (ipAddressVO == null) { - throw new InvalidParameterValueException("Unable to find IP address " + publicIp); - } - - if (ipAddressVO.getAccountId() == null) { - throw new InvalidParameterValueException("Unable to update port forwarding rule, owner of IP address " + publicIp + " not found."); - } - - if (privateIp != null) { - if (!NetUtils.isValidIp(privateIp)) { - throw new InvalidParameterValueException("Invalid private IP address specified: " + privateIp); - } - Criteria c = new Criteria(); - c.addCriteria(Criteria.ACCOUNTID, new Object[] {ipAddressVO.getAccountId()}); - c.addCriteria(Criteria.DATACENTERID, ipAddressVO.getDataCenterId()); - c.addCriteria(Criteria.IPADDRESS, privateIp); - List userVMs = searchForUserVMs(c); - if ((userVMs == null) || userVMs.isEmpty()) { - throw new ServerApiException(BaseCmd.PARAM_ERROR, "Invalid private IP address specified: " + privateIp + ", no virtual machine instances running with that address."); - } - userVM = userVMs.get(0); - } else if (vmId != null) { - userVM = findUserVMInstanceById(vmId); - if (userVM == null) { - throw new InvalidParameterValueException("Unable to find virtual machine with id " + vmId); - } - - if ((ipAddressVO.getAccountId() == null) || (ipAddressVO.getAccountId().longValue() != userVM.getAccountId())) { - throw new PermissionDeniedException("Unable to update port forwarding rule on IP address " + publicIp + ", permission denied."); - } - - if (ipAddressVO.getDataCenterId() != userVM.getDataCenterId()) { - throw new PermissionDeniedException("Unable to update port forwarding rule, IP address " + publicIp + " is not in the same availability zone as virtual machine " + userVM.toString()); - } - - privateIp = userVM.getGuestIpAddress(); - } else { - throw new InvalidParameterValueException("No private IP address (privateip) or virtual machine instance id (virtualmachineid) specified, unable to update port forwarding rule"); - } - - // if an admin account was passed in, or no account was passed in, make sure we honor the accountName/domainId parameters - if (account != null) { - if (isAdmin(account.getType())) { - if (!_domainDao.isChildDomain(account.getDomainId(), ipAddressVO.getDomainId())) { - throw new PermissionDeniedException("Unable to update port forwarding rule on IP address " + publicIp + ", permission denied."); - } - } else if (account.getId() != ipAddressVO.getAccountId()) { - throw new PermissionDeniedException("Unable to update port forwarding rule on IP address " + publicIp + ", permission denied."); - } - } - - List fwRules = _firewallRulesDao.listIPForwardingForUpdate(publicIp, publicPort, protocol); - if ((fwRules != null) && (fwRules.size() == 1)) { - FirewallRuleVO fwRule = fwRules.get(0); - String oldPrivateIP = fwRule.getPrivateIpAddress(); - String oldPrivatePort = fwRule.getPrivatePort(); - fwRule.setPrivateIpAddress(privateIp); - fwRule.setPrivatePort(privatePort); - _firewallRulesDao.update(fwRule.getId(), fwRule); - _networkMgr.updateFirewallRule(fwRule, oldPrivateIP, oldPrivatePort); - return fwRule; - }else{ - s_logger.warn("Unable to find the rule to be updated for public ip:public port"+publicIp+":"+publicPort+ "private ip:private port:"+privateIp+":"+privatePort); - throw new InvalidParameterValueException("Unable to find the rule to be updated for public ip:public port"+publicIp+":"+publicPort+ " private ip:private port:"+privateIp+":"+privatePort); - } - } - - @Override - public FirewallRuleVO findForwardingRuleById(Long ruleId) { - return _firewallRulesDao.findById(ruleId); - } - @Override public IPAddressVO findIPAddressById(String ipAddress) { return _publicIpAddressDao.findById(ipAddress); @@ -3067,8 +2855,9 @@ public class ManagementServerImpl implements ManagementServer { sc.addAnd("level", SearchCriteria.Op.SC, ssc); } - if (level != null) - sc.setParameters("levelEQ", level); + if (level != null) { + sc.setParameters("levelEQ", level); + } if (accountId != null) { sc.setParameters("accountId", accountId); @@ -3701,8 +3490,9 @@ public class ManagementServerImpl implements ManagementServer { VMInstanceVO vm = this.findVMInstanceById(vmId); if (vm != null) { ConsoleProxyInfo proxy = getConsoleProxy(vm.getDataCenterId(), vmId); - if (proxy != null) + if (proxy != null) { return proxy.getProxyImageUrl(); + } } return null; } @@ -3714,12 +3504,14 @@ public class ManagementServerImpl implements ManagementServer { return new Pair(null, -1); } - if(s_logger.isTraceEnabled()) - s_logger.trace("Trying to retrieve VNC port from agent about VM " + vm.getHostName()); + if(s_logger.isTraceEnabled()) { + s_logger.trace("Trying to retrieve VNC port from agent about VM " + vm.getHostName()); + } GetVncPortAnswer answer = (GetVncPortAnswer) _agentMgr.easySend(vm.getHostId(), new GetVncPortCommand(vm.getId(), vm.getInstanceName())); - if(answer != null) + if(answer != null) { return new Pair(answer.getAddress(), answer.getPort()); + } return new Pair(null, -1); } @@ -4387,10 +4179,12 @@ public class ManagementServerImpl implements ManagementServer { dol.addAll(_diskOfferingDao.search(sc, searchFilter)); //try and move on to the next domain - if(domainRecord.getParent() != null) - domainRecord = _domainDao.findById(domainRecord.getParent()); - else - break;//now we got all the offerings for this user/dom adm + if(domainRecord.getParent() != null) { + domainRecord = _domainDao.findById(domainRecord.getParent()); + } + else { + break;//now we got all the offerings for this user/dom adm + } } }else{ s_logger.error("Could not find the domainId for account:"+account.getAccountName()); @@ -4398,8 +4192,9 @@ public class ManagementServerImpl implements ManagementServer { } //add all the public offerings to the sol list before returning - if(includePublicOfferings) - dol.addAll(_diskOfferingDao.findPublicDiskOfferings()); + if(includePublicOfferings) { + dol.addAll(_diskOfferingDao.findPublicDiskOfferings()); + } return dol; @@ -4500,17 +4295,19 @@ public class ManagementServerImpl implements ManagementServer { public AsyncJobResult queryAsyncJobResult(long jobId) throws PermissionDeniedException { AsyncJobVO job = _asyncMgr.getAsyncJob(jobId); if (job == null) { - if (s_logger.isDebugEnabled()) + if (s_logger.isDebugEnabled()) { s_logger.debug("queryAsyncJobResult error: Permission denied, invalid job id " + jobId); + } throw new PermissionDeniedException("Permission denied, invalid job id " + jobId); } // treat any requests from API server as trusted requests if (!UserContext.current().isApiServer() && job.getAccountId() != UserContext.current().getAccount().getId()) { - if (s_logger.isDebugEnabled()) + if (s_logger.isDebugEnabled()) { s_logger.debug("Mismatched account id in job and user context, perform further securty check. job id: " + jobId + ", job owner account: " + job.getAccountId() + ", accound id in current context: " + UserContext.current().getAccount().getId()); + } Account account = UserContext.current().getAccount(); if (account != null) { @@ -4550,200 +4347,6 @@ public class ManagementServerImpl implements ManagementServer { return _asyncMgr.getAsyncJob(jobId); } - @Override - public LoadBalancerVO findLoadBalancer(Long accountId, String name) { - SearchCriteria sc = _loadBalancerDao.createSearchCriteria(); - sc.addAnd("accountId", SearchCriteria.Op.EQ, accountId); - sc.addAnd("name", SearchCriteria.Op.EQ, name); - List loadBalancers = _loadBalancerDao.search(sc, null); - if ((loadBalancers != null) && !loadBalancers.isEmpty()) { - return loadBalancers.get(0); - } - return null; - } - - @Override - public LoadBalancerVO findLoadBalancerById(long loadBalancerId) { - return _loadBalancerDao.findById(Long.valueOf(loadBalancerId)); - } - - @Override - public List listLoadBalancerInstances(ListLoadBalancerRuleInstancesCmd cmd) throws PermissionDeniedException { - Account account = UserContext.current().getAccount(); - Long loadBalancerId = cmd.getId(); - Boolean applied = cmd.isApplied(); - - if (applied == null) { - applied = Boolean.TRUE; - } - - LoadBalancerVO loadBalancer = _loadBalancerDao.findById(loadBalancerId); - if (loadBalancer == null) { - return null; - } - - if (account != null) { - long lbAcctId = loadBalancer.getAccountId(); - if (isAdmin(account.getType())) { - Account userAccount = _accountDao.findById(lbAcctId); - if (!_domainDao.isChildDomain(account.getDomainId(), userAccount.getDomainId())) { - throw new PermissionDeniedException("Invalid load balancer rule id (" + loadBalancerId + ") given, unable to list load balancer instances."); - } - } else if (account.getId() != lbAcctId) { - throw new PermissionDeniedException("Unable to list load balancer instances, account " + account.getAccountName() + " does not own load balancer rule " + loadBalancer.getName()); - } - } - - List loadBalancerInstances = new ArrayList(); - List vmLoadBalancerMappings = null; - if (applied) { - // List only the instances that have actually been applied to the load balancer (pending is false). - vmLoadBalancerMappings = _loadBalancerVMMapDao.listByLoadBalancerId(loadBalancerId, false); - } else { - // List all instances applied, even pending ones that are currently being assigned, so that the semantics - // of "what instances can I apply to this load balancer" are maintained. - vmLoadBalancerMappings = _loadBalancerVMMapDao.listByLoadBalancerId(loadBalancerId); - } - List appliedInstanceIdList = new ArrayList(); - if ((vmLoadBalancerMappings != null) && !vmLoadBalancerMappings.isEmpty()) { - for (LoadBalancerVMMapVO vmLoadBalancerMapping : vmLoadBalancerMappings) { - appliedInstanceIdList.add(vmLoadBalancerMapping.getInstanceId()); - } - } - - IPAddressVO addr = _publicIpAddressDao.findById(loadBalancer.getIpAddress()); - List userVms = _userVmDao.listVirtualNetworkInstancesByAcctAndZone(loadBalancer.getAccountId(), addr.getDataCenterId()); - - for (UserVmVO userVm : userVms) { - // if the VM is destroyed, being expunged, in an error state, or in an unknown state, skip it - switch (userVm.getState()) { - case Destroyed: - case Expunging: - case Error: - case Unknown: - continue; - } - - boolean isApplied = appliedInstanceIdList.contains(userVm.getId()); - if (!applied && !isApplied) { - loadBalancerInstances.add(userVm); - } else if (applied && isApplied) { - loadBalancerInstances.add(userVm); - } - } - - return loadBalancerInstances; - } - - @Override - public List searchForLoadBalancers(ListLoadBalancerRulesCmd cmd) throws InvalidParameterValueException, PermissionDeniedException { - // do some parameter validation - Account account = UserContext.current().getAccount(); - String accountName = cmd.getAccountName(); - Long domainId = cmd.getDomainId(); - Long accountId = null; - Account ipAddressOwner = null; - String ipAddress = cmd.getPublicIp(); - - if (ipAddress != null) { - IPAddressVO ipAddressVO = _publicIpAddressDao.findById(ipAddress); - if (ipAddressVO == null) { - throw new InvalidParameterValueException("Unable to list load balancers, IP address " + ipAddress + " not found."); - } else { - Long ipAddrAcctId = ipAddressVO.getAccountId(); - if (ipAddrAcctId == null) { - throw new InvalidParameterValueException("Unable to list load balancers, IP address " + ipAddress + " is not associated with an account."); - } - ipAddressOwner = _accountDao.findById(ipAddrAcctId); - } - } - - if ((account == null) || isAdmin(account.getType())) { - // validate domainId before proceeding - if (domainId != null) { - if ((account != null) && !_domainDao.isChildDomain(account.getDomainId(), domainId)) { - throw new PermissionDeniedException("Unable to list load balancers for domain id " + domainId + ", permission denied."); - } - if (accountName != null) { - Account userAccount = _accountDao.findActiveAccount(accountName, domainId); - if (userAccount != null) { - accountId = userAccount.getId(); - } else { - throw new InvalidParameterValueException("Unable to find account " + accountName + " in domain " + domainId); - } - } - } else if (ipAddressOwner != null) { - if ((account != null) && !_domainDao.isChildDomain(account.getDomainId(), ipAddressOwner.getDomainId())) { - throw new PermissionDeniedException("Unable to list load balancer rules for IP address " + ipAddress + ", permission denied."); - } - } else { - domainId = ((account == null) ? DomainVO.ROOT_DOMAIN : account.getDomainId()); - } - } else { - accountId = account.getId(); - } - - Filter searchFilter = new Filter(LoadBalancerVO.class, "ipAddress", true, cmd.getStartIndex(), cmd.getPageSizeVal()); - - Object id = cmd.getId(); - Object name = cmd.getLoadBalancerRuleName(); - Object keyword = cmd.getKeyword(); - Object instanceId = cmd.getVirtualMachineId(); - - SearchBuilder sb = _loadBalancerDao.createSearchBuilder(); - sb.and("id", sb.entity().getId(), SearchCriteria.Op.EQ); - sb.and("nameEQ", sb.entity().getName(), SearchCriteria.Op.EQ); - sb.and("accountId", sb.entity().getAccountId(), SearchCriteria.Op.EQ); - sb.and("ipAddress", sb.entity().getIpAddress(), SearchCriteria.Op.EQ); - - if ((accountId == null) && (domainId != null)) { - // if accountId isn't specified, we can do a domain match for the admin case - SearchBuilder domainSearch = _domainDao.createSearchBuilder(); - domainSearch.and("path", domainSearch.entity().getPath(), SearchCriteria.Op.LIKE); - sb.join("domainSearch", domainSearch, sb.entity().getDomainId(), domainSearch.entity().getId(), JoinBuilder.JoinType.INNER); - } - - if (instanceId != null) { - SearchBuilder lbVMSearch = _loadBalancerVMMapDao.createSearchBuilder(); - lbVMSearch.and("instanceId", lbVMSearch.entity().getInstanceId(), SearchCriteria.Op.EQ); - sb.join("lbVMSearch", lbVMSearch, sb.entity().getId(), lbVMSearch.entity().getLoadBalancerId(), JoinBuilder.JoinType.INNER); - } - - SearchCriteria sc = sb.create(); - if (keyword != null) { - SearchCriteria ssc = _loadBalancerDao.createSearchCriteria(); - ssc.addOr("name", SearchCriteria.Op.LIKE, "%" + keyword + "%"); - ssc.addOr("description", SearchCriteria.Op.LIKE, "%" + keyword + "%"); - - sc.addAnd("name", SearchCriteria.Op.SC, ssc); - } - - if (name != null) { - sc.setParameters("nameEQ", name); - } - - if (id != null) { - sc.setParameters("id", id); - } - - if (ipAddress != null) { - sc.setParameters("ipAddress", ipAddress); - } - - if (accountId != null) { - sc.setParameters("accountId", accountId); - } else if (domainId != null) { - DomainVO domain = _domainDao.findById(domainId); - sc.setJoinParameters("domainSearch", "path", domain.getPath() + "%"); - } - - if (instanceId != null) { - sc.setJoinParameters("lbVMSearch", "instanceId", instanceId); - } - - return _loadBalancerDao.search(sc, searchFilter); - } - @Override public String[] getApiConfig() { return new String[] { "commands.properties" }; @@ -4781,8 +4384,9 @@ public class ManagementServerImpl implements ManagementServer { } catch (Exception e) { s_logger.error("Exception ", e); } finally { - if(txn != null) - txn.close(); + if(txn != null) { + txn.close(); + } lock.unlock(); } @@ -5058,11 +4662,13 @@ public class ManagementServerImpl implements ManagementServer { @Override public VMInstanceVO findSystemVMById(long instanceId) { VMInstanceVO systemVm = _vmInstanceDao.findByIdTypes(instanceId, VirtualMachine.Type.ConsoleProxy, VirtualMachine.Type.SecondaryStorageVm); - if(systemVm == null) - return null; + if(systemVm == null) { + return null; + } - if(systemVm.getType() == VirtualMachine.Type.ConsoleProxy) - return _consoleProxyDao.findById(instanceId); + if(systemVm.getType() == VirtualMachine.Type.ConsoleProxy) { + return _consoleProxyDao.findById(instanceId); + } return _secStorageVmDao.findById(instanceId); } @@ -5199,8 +4805,9 @@ public class ManagementServerImpl implements ManagementServer { //verify that user exists User user = findUserById(userId); - if ((user == null) || (user.getRemoved() != null)) - throw new InvalidParameterValueException("Unable to find active user by id " + userId); + if ((user == null) || (user.getRemoved() != null)) { + throw new InvalidParameterValueException("Unable to find active user by id " + userId); + } String cloudIdentifier = _configDao.getValue("cloud.identifier"); if (cloudIdentifier == null) { @@ -5298,10 +4905,11 @@ public class ManagementServerImpl implements ManagementServer { { String value = _configs.get("use.local.storage"); - if(value!=null && value.equalsIgnoreCase("true")) - return true; - else - return false; + if(value!=null && value.equalsIgnoreCase("true")) { + return true; + } else { + return false; + } } @Override @@ -5331,8 +4939,9 @@ public class ManagementServerImpl implements ManagementServer { Map capabilities = new HashMap(); String networkGroupsEnabled = _configs.get("direct.attach.network.groups.enabled"); - if(networkGroupsEnabled == null) - networkGroupsEnabled = "false"; + if(networkGroupsEnabled == null) { + networkGroupsEnabled = "false"; + } capabilities.put("networkGroupsEnabled", networkGroupsEnabled); capabilities.put("cloudStackVersion", getVersion()); @@ -5368,10 +4977,11 @@ public class ManagementServerImpl implements ManagementServer { if(rootVolume!=null){ Status poolStatus = _poolDao.findById(rootVolume.getPoolId()).getStatus(); - if(!poolStatus.equals(Status.Up)) - return false; - else - return true; + if(!poolStatus.equals(Status.Up)) { + return false; + } else { + return true; + } } return false; @@ -5683,11 +5293,13 @@ public class ManagementServerImpl implements ManagementServer { throw new ResourceUnavailableException(msg); }else{ if(cert.getUpdated().equalsIgnoreCase("Y")){ - if(s_logger.isDebugEnabled()) - s_logger.debug("A custom certificate already exists in the DB, will replace it with the new one being uploaded"); + if(s_logger.isDebugEnabled()) { + s_logger.debug("A custom certificate already exists in the DB, will replace it with the new one being uploaded"); + } }else{ - if(s_logger.isDebugEnabled()) - s_logger.debug("No custom certificate exists in the DB, will upload a new one"); + if(s_logger.isDebugEnabled()) { + s_logger.debug("No custom certificate exists in the DB, will upload a new one"); + } } //validate if the cert follows X509 format, if not, don't persist to db @@ -5702,8 +5314,9 @@ public class ManagementServerImpl implements ManagementServer { } certVOId = _certDao.persistCustomCertToDb(certificate,cert,this.getId());//0 implies failure - if(s_logger.isDebugEnabled()) - s_logger.debug("Custom certificate persisted to the DB"); + if(s_logger.isDebugEnabled()) { + s_logger.debug("Custom certificate persisted to the DB"); + } } if (certVOId != 0) @@ -5743,8 +5356,9 @@ public class ManagementServerImpl implements ManagementServer { long eventId = saveScheduledEvent(User.UID_SYSTEM, Account.ACCOUNT_ID_SYSTEM, EventTypes.EVENT_PROXY_REBOOT, "rebooting console proxy with Id: "+cp.getId()); _consoleProxyMgr.rebootProxy(cp.getId(), eventId); //when cp reboots, the context will be reinit with the new cert - if(s_logger.isDebugEnabled()) - s_logger.debug("Successfully updated custom certificate on console proxy vm id:"+cp.getId()+" ,console proxy host id:"+cpHostId); + if(s_logger.isDebugEnabled()) { + s_logger.debug("Successfully updated custom certificate on console proxy vm id:"+cp.getId()+" ,console proxy host id:"+cpHostId); + } updatedCpIdList.add(cp.getId()); } } catch (AgentUnavailableException e) { @@ -5768,11 +5382,11 @@ public class ManagementServerImpl implements ManagementServer { } }catch (Exception e) { s_logger.warn("Failed to successfully update the cert across console proxies on management server:"+this.getId()); - if(e instanceof ResourceUnavailableException) - throw new ServerApiException(BaseCmd.RESOURCE_UNAVAILABLE_ERROR, e.getMessage()); - else if(e instanceof ManagementServerException) - throw new ServerApiException(BaseCmd.INTERNAL_ERROR, e.getMessage()); - else if(e instanceof IndexOutOfBoundsException){ + if(e instanceof ResourceUnavailableException) { + throw new ServerApiException(BaseCmd.RESOURCE_UNAVAILABLE_ERROR, e.getMessage()); + } else if(e instanceof ManagementServerException) { + throw new ServerApiException(BaseCmd.INTERNAL_ERROR, e.getMessage()); + } else if(e instanceof IndexOutOfBoundsException){ String msg = "Custom certificate record in the db deleted; this should never happen. Please create a new record in the certificate table"; s_logger.error(msg,e); throw new ServerApiException(BaseCmd.INTERNAL_ERROR, msg); diff --git a/server/src/com/cloud/vm/UserVmManagerImpl.java b/server/src/com/cloud/vm/UserVmManagerImpl.java index 4033f5853ee..0fd87985904 100755 --- a/server/src/com/cloud/vm/UserVmManagerImpl.java +++ b/server/src/com/cloud/vm/UserVmManagerImpl.java @@ -128,10 +128,8 @@ import com.cloud.host.HostVO; import com.cloud.host.dao.DetailsDao; import com.cloud.host.dao.HostDao; import com.cloud.hypervisor.Hypervisor.HypervisorType; -import com.cloud.network.FirewallRuleVO; import com.cloud.network.IPAddressVO; import com.cloud.network.IpAddrAllocator; -import com.cloud.network.LoadBalancerVMMapVO; import com.cloud.network.NetworkManager; import com.cloud.network.NetworkVO; import com.cloud.network.Networks.TrafficType; @@ -328,9 +326,10 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, VirtualM VMTemplateVO template = _templateDao.findById(vmInstance.getTemplateId()); if (template.getEnablePassword()) { - if (vmInstance.getDomainRouterId() == null) - /*TODO: add it for external dhcp mode*/ + if (vmInstance.getDomainRouterId() == null) { + /*TODO: add it for external dhcp mode*/ return true; + } if (_networkMgr.savePasswordToRouter(vmInstance.getDomainRouterId(), vmInstance.getPrivateIpAddress(), password)) { // Need to reboot the virtual machine so that the password gets redownloaded from the DomR, and reset on the VM if (!rebootVirtualMachine(userId, vmId)) { @@ -418,11 +417,13 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, VirtualM // If the account is not an admin, check that the volume and the virtual machine are owned by the account that was passed in if (account != null) { if (!isAdmin(account.getType())) { - if (account.getId() != volume.getAccountId()) + if (account.getId() != volume.getAccountId()) { throw new PermissionDeniedException("Unable to find volume with ID: " + volumeId + " for account: " + account.getAccountName() + ". Permission denied."); + } - if (account.getId() != vm.getAccountId()) + if (account.getId() != vm.getAccountId()) { throw new PermissionDeniedException("Unable to find VM with ID: " + vmId + " for account: " + account.getAccountName() + ". Permission denied"); + } } else { if (!_domainDao.isChildDomain(account.getDomainId(), volume.getDomainId()) || !_domainDao.isChildDomain(account.getDomainId(), vm.getDomainId())) { @@ -538,8 +539,9 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, VirtualM if(asyncExecutor != null) { AsyncJobVO job = asyncExecutor.getJob(); - if(s_logger.isInfoEnabled()) - s_logger.info("Trying to attaching volume " + volumeId +" to vm instance:"+vm.getId()+ ", update async job-" + job.getId() + " progress status"); + if(s_logger.isInfoEnabled()) { + s_logger.info("Trying to attaching volume " + volumeId +" to vm instance:"+vm.getId()+ ", update async job-" + job.getId() + " progress status"); + } _asyncMgr.updateAsyncJobAttachment(job.getId(), "volume", volumeId); _asyncMgr.updateAsyncJobStatus(job.getId(), BaseCmd.PROGRESS_INSTANCE_CREATED, volumeId); @@ -552,8 +554,9 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, VirtualM if(hostId == null) { hostId = vm.getLastHostId(); HostVO host = _hostDao.findById(hostId); - if(host != null && host.getHypervisorType() == HypervisorType.VmWare) - sendCommand = true; + if(host != null && host.getHypervisorType() == HypervisorType.VmWare) { + sendCommand = true; + } } if (sendCommand) { @@ -581,18 +584,20 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, VirtualM } else { _volsDao.attachVolume(volume.getId(), vmId, deviceId); } - if(!vm.getHostName().equals(vm.getDisplayName())) - event.setDescription("Volume: " +volume.getName()+ " successfully attached to VM: "+vm.getHostName()+"("+vm.getDisplayName()+")"); - else - event.setDescription("Volume: " +volume.getName()+ " successfully attached to VM: "+vm.getHostName()); + if(!vm.getHostName().equals(vm.getDisplayName())) { + event.setDescription("Volume: " +volume.getName()+ " successfully attached to VM: "+vm.getHostName()+"("+vm.getDisplayName()+")"); + } else { + event.setDescription("Volume: " +volume.getName()+ " successfully attached to VM: "+vm.getHostName()); + } event.setLevel(EventVO.LEVEL_INFO); _eventDao.persist(event); return _volsDao.findById(volumeId); } else { if (answer != null) { String details = answer.getDetails(); - if (details != null && !details.isEmpty()) - errorMsg += "; " + details; + if (details != null && !details.isEmpty()) { + errorMsg += "; " + details; + } } throw new CloudRuntimeException(errorMsg); } @@ -634,13 +639,15 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, VirtualM } // Check that the volume ID is valid - if (volume == null) - throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to find volume with ID: " + volumeId); + if (volume == null) { + throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to find volume with ID: " + volumeId); + } // If the account is not an admin, check that the volume is owned by the account that was passed in if (!isAdmin) { - if (account.getId() != volume.getAccountId()) - throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to find volume with ID: " + volumeId + " for account: " + account.getAccountName()); + if (account.getId() != volume.getAccountId()) { + throw new ServerApiException(BaseCmd.PARAM_ERROR, "Unable to find volume with ID: " + volumeId + " for account: " + account.getAccountName()); + } } else if (account != null) { if (!_domainDao.isChildDomain(account.getDomainId(), volume.getDomainId())) { throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "Unable to detach volume with ID: " + volumeId + ", permission denied."); @@ -674,8 +681,9 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, VirtualM if(asyncExecutor != null) { AsyncJobVO job = asyncExecutor.getJob(); - if(s_logger.isInfoEnabled()) - s_logger.info("Trying to attaching volume " + volumeId +"to vm instance:"+vm.getId()+ ", update async job-" + job.getId() + " progress status"); + if(s_logger.isInfoEnabled()) { + s_logger.info("Trying to attaching volume " + volumeId +"to vm instance:"+vm.getId()+ ", update async job-" + job.getId() + " progress status"); + } _asyncMgr.updateAsyncJobAttachment(job.getId(), "volume", volumeId); _asyncMgr.updateAsyncJobStatus(job.getId(), BaseCmd.PROGRESS_INSTANCE_CREATED, volumeId); @@ -707,10 +715,11 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, VirtualM if (!sendCommand || (answer != null && answer.getResult())) { // Mark the volume as detached _volsDao.detachVolume(volume.getId()); - if(!vm.getHostName().equals(vm.getDisplayName())) - event.setDescription("Volume: " +volume.getName()+ " successfully detached from VM: "+vm.getHostName()+"("+vm.getDisplayName()+")"); - else - event.setDescription("Volume: " +volume.getName()+ " successfully detached from VM: "+vm.getHostName()); + if(!vm.getHostName().equals(vm.getDisplayName())) { + event.setDescription("Volume: " +volume.getName()+ " successfully detached from VM: "+vm.getHostName()+"("+vm.getDisplayName()+")"); + } else { + event.setDescription("Volume: " +volume.getName()+ " successfully detached from VM: "+vm.getHostName()); + } event.setLevel(EventVO.LEVEL_INFO); _eventDao.persist(event); @@ -719,8 +728,9 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, VirtualM if (answer != null) { String details = answer.getDetails(); - if (details != null && !details.isEmpty()) - errorMsg += "; " + details; + if (details != null && !details.isEmpty()) { + errorMsg += "; " + details; + } } throw new CloudRuntimeException(errorMsg); @@ -781,13 +791,14 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, VirtualM // TODO following implementation only do asynchronized operation at API level try { UserVmVO vm = start(param.getUserId(), param.getVmId(), null, param.getIsoPath(), param.getEventId()); - if(vm != null) - executor.getAsyncJobMgr().completeAsyncJob(executor.getJob().getId(), + if(vm != null) { + executor.getAsyncJobMgr().completeAsyncJob(executor.getJob().getId(), AsyncJobResult.STATUS_SUCCEEDED, 0, VMExecutorHelper.composeResultObject( executor.getAsyncJobMgr().getExecutorContext().getManagementServer(), vm, null)); - else - executor.getAsyncJobMgr().completeAsyncJob(executor.getJob().getId(), + } else { + executor.getAsyncJobMgr().completeAsyncJob(executor.getJob().getId(), AsyncJobResult.STATUS_FAILED, BaseCmd.INTERNAL_ERROR, "Unable to start vm"); + } } catch (StorageUnavailableException e) { s_logger.debug("Unable to start vm because storage is unavailable: " + e.getMessage()); @@ -912,12 +923,14 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, VirtualM HostVO host = null; if(vm.getLastHostId() != null) { host = _hostDao.findById(vm.getLastHostId()); - if(host == null || host.getStatus() != com.cloud.host.Status.Up || host.getHypervisorType() != HypervisorType.VmWare) - host = null; + if(host == null || host.getStatus() != com.cloud.host.Status.Up || host.getHypervisorType() != HypervisorType.VmWare) { + host = null; + } } - if(host == null) - host = (HostVO) _agentMgr.findHost(Host.Type.Routing, dc, pod, sp, offering, template, vm, null, avoid); + if(host == null) { + host = (HostVO) _agentMgr.findHost(Host.Type.Routing, dc, pod, sp, offering, template, vm, null, avoid); + } if (host == null) { String description = "Unable to find any host for " + vm.toString(); @@ -949,10 +962,11 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, VirtualM if (router == null) { s_logger.error("Unable to add vm " + vm.getId() + " - " + vm.getHostName()); _vmDao.updateIf(vm, VirtualMachine.Event.OperationFailed, null); - if(!vm.getHostName().equals(vm.getDisplayName())) - event.setDescription("Unable to start VM: " + vm.getHostName()+"("+vm.getDisplayName()+")" + "; Unable to add VM to guest network"); - else - event.setDescription("Unable to start VM: " + vm.getHostName() + "; Unable to add VM to guest network"); + if(!vm.getHostName().equals(vm.getDisplayName())) { + event.setDescription("Unable to start VM: " + vm.getHostName()+"("+vm.getDisplayName()+")" + "; Unable to add VM to guest network"); + } else { + event.setDescription("Unable to start VM: " + vm.getHostName() + "; Unable to add VM to guest network"); + } event.setLevel(EventVO.LEVEL_ERROR); _eventDao.persist(event); @@ -1096,10 +1110,11 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, VirtualM } while (--retry > 0 && (host = (HostVO)_agentMgr.findHost(Host.Type.Routing, dc, pod, sp, offering, template, vm, null, avoid)) != null); if (host == null || retry <= 0) { - if(!vm.getHostName().equals(vm.getDisplayName())) + if(!vm.getHostName().equals(vm.getDisplayName())) { event.setDescription("Unable to start VM: " + vm.getHostName()+"("+vm.getDisplayName()+")"+ " Reason: "+answer.getDetails()); - else + } else { event.setDescription("Unable to start VM: " + vm.getHostName()+ " Reason: "+answer.getDetails()); + } event.setLevel(EventVO.LEVEL_ERROR); _eventDao.persist(event); @@ -1107,10 +1122,11 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, VirtualM } if (!_vmDao.updateIf(vm, VirtualMachine.Event.OperationSucceeded, host.getId())) { - if(!vm.getHostName().equals(vm.getDisplayName())) - event.setDescription("unable to start VM: " + vm.getHostName()+"("+vm.getDisplayName()+")"); - else - event.setDescription("unable to start VM: " + vm.getHostName()); + if(!vm.getHostName().equals(vm.getDisplayName())) { + event.setDescription("unable to start VM: " + vm.getHostName()+"("+vm.getDisplayName()+")"); + } else { + event.setDescription("unable to start VM: " + vm.getHostName()); + } event.setLevel(EventVO.LEVEL_ERROR); _eventDao.persist(event); throw new ConcurrentOperationException("Starting vm " + vm.getHostName() + " didn't work."); @@ -1120,10 +1136,11 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, VirtualM s_logger.debug("Started vm " + vm.getHostName()); } - if(!vm.getHostName().equals(vm.getDisplayName())) - event.setDescription("successfully started VM: " + vm.getHostName()+"("+vm.getDisplayName()+")"); - else - event.setDescription("successfully started VM: " + vm.getHostName()); + if(!vm.getHostName().equals(vm.getDisplayName())) { + event.setDescription("successfully started VM: " + vm.getHostName()+"("+vm.getDisplayName()+")"); + } else { + event.setDescription("successfully started VM: " + vm.getHostName()); + } _eventDao.persist(event); _networkGroupMgr.handleVmStateTransition(vm, State.Running); @@ -1220,8 +1237,9 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, VirtualM resultDescription = "VM is either removed or deleted"; executor.getAsyncJobMgr().completeAsyncJob(executor.getJob().getId(), AsyncJobResult.STATUS_SUCCEEDED, 0, resultDescription); - if(s_logger.isDebugEnabled()) - s_logger.debug("Execute asynchronize stop VM command: " +resultDescription); + if(s_logger.isDebugEnabled()) { + s_logger.debug("Execute asynchronize stop VM command: " +resultDescription); + } response = new OperationResponse(OperationResponse.STATUS_SUCCEEDED, resultDescription); return response; } @@ -1232,8 +1250,9 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, VirtualM executor.getAsyncJobMgr().completeAsyncJob(executor.getJob().getId(), AsyncJobResult.STATUS_SUCCEEDED, 0, resultDescription); - if(s_logger.isDebugEnabled()) - s_logger.debug("Execute asynchronize stop VM command: " +resultDescription); + if(s_logger.isDebugEnabled()) { + s_logger.debug("Execute asynchronize stop VM command: " +resultDescription); + } response = new OperationResponse(OperationResponse.STATUS_SUCCEEDED, resultDescription); return response; } @@ -1243,8 +1262,9 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, VirtualM executor.getAsyncJobMgr().completeAsyncJob(executor.getJob().getId(), AsyncJobResult.STATUS_SUCCEEDED, 0, resultDescription); - if(s_logger.isDebugEnabled()) - s_logger.debug("Execute asynchronize stop VM command: " +resultDescription); + if(s_logger.isDebugEnabled()) { + s_logger.debug("Execute asynchronize stop VM command: " +resultDescription); + } response = new OperationResponse(OperationResponse.STATUS_SUCCEEDED, resultDescription); return response; } @@ -1254,8 +1274,9 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, VirtualM executor.getAsyncJobMgr().completeAsyncJob(executor.getJob().getId(), AsyncJobResult.STATUS_FAILED, 0, resultDescription); - if(s_logger.isDebugEnabled()) - s_logger.debug("Execute asynchronize stop VM command: " +resultDescription); + if(s_logger.isDebugEnabled()) { + s_logger.debug("Execute asynchronize stop VM command: " +resultDescription); + } response = new OperationResponse(OperationResponse.STATUS_FAILED, resultDescription); return response; } @@ -1265,8 +1286,9 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, VirtualM executor.getAsyncJobMgr().completeAsyncJob(executor.getJob().getId(), AsyncJobResult.STATUS_FAILED, 0, resultDescription); - if(s_logger.isDebugEnabled()) - s_logger.debug("Execute asynchronize stop VM command: " +resultDescription); + if(s_logger.isDebugEnabled()) { + s_logger.debug("Execute asynchronize stop VM command: " +resultDescription); + } response = new OperationResponse(OperationResponse.STATUS_FAILED, resultDescription); return response; } @@ -1281,8 +1303,9 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, VirtualM try { long seq = _agentMgr.send(vm.getHostId(), new Commands(cmd), new VMOperationListener(executor, param, vm, 0)); resultDescription = "Execute asynchronize stop VM command: sending command to agent, seq - " + seq; - if(s_logger.isDebugEnabled()) - s_logger.debug(resultDescription); + if(s_logger.isDebugEnabled()) { + s_logger.debug(resultDescription); + } response = new OperationResponse(OperationResponse.STATUS_IN_PROGRESS, resultDescription); return response; } catch (AgentUnavailableException e) { @@ -1314,17 +1337,19 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, VirtualM RebootAnswer answer = (RebootAnswer)_agentMgr.easySend(vm.getHostId(), cmd); if (answer != null) { - if(!vm.getHostName().equals(vm.getDisplayName())) - event.setDescription("Successfully rebooted VM instance : " + vm.getHostName()+"("+vm.getDisplayName()+")"); - else - event.setDescription("Successfully rebooted VM instance : " + vm.getHostName()); + if(!vm.getHostName().equals(vm.getDisplayName())) { + event.setDescription("Successfully rebooted VM instance : " + vm.getHostName()+"("+vm.getDisplayName()+")"); + } else { + event.setDescription("Successfully rebooted VM instance : " + vm.getHostName()); + } _eventDao.persist(event); return true; } else { - if(!vm.getHostName().equals(vm.getDisplayName())) - event.setDescription("failed to reboot VM instance : " + vm.getHostName()+"("+vm.getDisplayName()+")"); - else - event.setDescription("failed to reboot VM instance : " + vm.getHostName()); + if(!vm.getHostName().equals(vm.getDisplayName())) { + event.setDescription("failed to reboot VM instance : " + vm.getHostName()+"("+vm.getDisplayName()+")"); + } else { + event.setDescription("failed to reboot VM instance : " + vm.getHostName()); + } event.setLevel(EventVO.LEVEL_ERROR); _eventDao.persist(event); return false; @@ -1673,10 +1698,11 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, VirtualM txn.start(); if(vm != null && vm.getHostName() != null && vm.getDisplayName() != null) { - if(!vm.getHostName().equals(vm.getDisplayName())) - event.setDescription("successfully created VM instance : " + vm.getHostName()+"("+vm.getDisplayName()+")"); - else - event.setDescription("successfully created VM instance : " + vm.getHostName()); + if(!vm.getHostName().equals(vm.getDisplayName())) { + event.setDescription("successfully created VM instance : " + vm.getHostName()+"("+vm.getDisplayName()+")"); + } else { + event.setDescription("successfully created VM instance : " + vm.getHostName()); + } } else { @@ -1744,10 +1770,11 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, VirtualM event.setAccountId(vm.getAccountId()); event.setType(EventTypes.EVENT_VM_DESTROY); event.setParameters("id="+vm.getId() + "\nvmName=" + vm.getHostName() + "\nsoId=" + vm.getServiceOfferingId() + "\ntId=" + vm.getTemplateId() + "\ndcId=" + vm.getDataCenterId()); - if(!vm.getHostName().equals(vm.getDisplayName())) - event.setDescription("Successfully destroyed VM instance : " + vm.getHostName()+"("+vm.getDisplayName()+")"); - else - event.setDescription("Successfully destroyed VM instance : " + vm.getHostName()); + if(!vm.getHostName().equals(vm.getDisplayName())) { + event.setDescription("Successfully destroyed VM instance : " + vm.getHostName()+"("+vm.getDisplayName()+")"); + } else { + event.setDescription("Successfully destroyed VM instance : " + vm.getHostName()); + } _eventDao.persist(event); _accountMgr.decrementResourceCount(vm.getAccountId(), ResourceType.user_vm); @@ -1775,8 +1802,9 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, VirtualM Account accountHandle = UserContext.current().getAccount(); //if account is removed, return error - if(accountHandle!=null && accountHandle.getRemoved() != null) - throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "The account " + accountHandle.getId()+" is removed"); + if(accountHandle!=null && accountHandle.getRemoved() != null) { + throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "The account " + accountHandle.getId()+" is removed"); + } // Verify input parameters UserVmVO vm = _vmDao.findById(vmId.longValue()); @@ -1821,18 +1849,20 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, VirtualM account = _accountDao.lockRow(vm.getAccountId(), true); //if the account is deleted, throw error - if(account.getRemoved()!=null) - throw new CloudRuntimeException("Unable to recover VM as the account is deleted"); + if(account.getRemoved()!=null) { + throw new CloudRuntimeException("Unable to recover VM as the account is deleted"); + } // First check that the maximum number of UserVMs for the given accountId will not be exceeded if (_accountMgr.resourceLimitExceeded(account, ResourceType.user_vm)) { ResourceAllocationException rae = new ResourceAllocationException("Maximum number of virtual machines for account: " + account.getAccountName() + " has been exceeded."); rae.setResourceType("vm"); event.setLevel(EventVO.LEVEL_ERROR); - if(!vm.getHostName().equals(vm.getDisplayName())) - event.setDescription("Failed to recover VM instance : " + vm.getHostName()+"("+vm.getDisplayName()+")" + "; the resource limit for account: " + account.getAccountName() + " has been exceeded."); - else - event.setDescription("Failed to recover VM instance : " + vm.getHostName() + "; the resource limit for account: " + account.getAccountName() + " has been exceeded."); + if(!vm.getHostName().equals(vm.getDisplayName())) { + event.setDescription("Failed to recover VM instance : " + vm.getHostName()+"("+vm.getDisplayName()+")" + "; the resource limit for account: " + account.getAccountName() + " has been exceeded."); + } else { + event.setDescription("Failed to recover VM instance : " + vm.getHostName() + "; the resource limit for account: " + account.getAccountName() + " has been exceeded."); + } _eventDao.persist(event); txn.commit(); throw rae; @@ -1873,10 +1903,11 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, VirtualM _accountMgr.incrementResourceCount(account.getId(), ResourceType.volume, new Long(volumes.size())); event.setLevel(EventVO.LEVEL_INFO); - if(!vm.getHostName().equals(vm.getDisplayName())) - event.setDescription("successfully recovered VM instance : " + vm.getHostName()+"("+vm.getDisplayName()+")"); - else + if(!vm.getHostName().equals(vm.getDisplayName())) { + event.setDescription("successfully recovered VM instance : " + vm.getHostName()+"("+vm.getDisplayName()+")"); + } else { event.setDescription("successfully recovered VM instance : " + vm.getHostName()); + } _eventDao.persist(event); txn.commit(); @@ -2023,10 +2054,11 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, VirtualM event.setState(Event.State.Completed); event.setStartId(startEventId); event.setParameters("id="+vm.getId() + "\n" + "vmName=" + vm.getHostName() + "\nsoId=" + vm.getServiceOfferingId() + "\ntId=" + vm.getTemplateId() + "\ndcId=" + vm.getDataCenterId()); - if(!vm.getHostName().equals(vm.getDisplayName())) - event.setDescription("Successfully stopped VM instance : " + vm.getHostName()+"("+vm.getDisplayName()+")"); - else - event.setDescription("Successfully stopped VM instance : " + vm.getHostName()); + if(!vm.getHostName().equals(vm.getDisplayName())) { + event.setDescription("Successfully stopped VM instance : " + vm.getHostName()+"("+vm.getDisplayName()+")"); + } else { + event.setDescription("Successfully stopped VM instance : " + vm.getHostName()); + } _eventDao.persist(event); if (_storageMgr.unshare(vm, null) == null) { @@ -2112,10 +2144,11 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, VirtualM completeStopCommand(userId, vm, VirtualMachine.Event.OperationSucceeded, 0); } else { - if(!vm.getHostName().equals(vm.getDisplayName())) - event.setDescription("failed to stop VM instance : " + vm.getHostName()+"("+vm.getDisplayName()+")"); - else - event.setDescription("failed to stop VM instance : " + vm.getHostName()); + if(!vm.getHostName().equals(vm.getDisplayName())) { + event.setDescription("failed to stop VM instance : " + vm.getHostName()+"("+vm.getDisplayName()+")"); + } else { + event.setDescription("failed to stop VM instance : " + vm.getHostName()); + } event.setLevel(EventVO.LEVEL_ERROR); _eventDao.persist(event); _vmDao.updateIf(vm, VirtualMachine.Event.OperationFailed, vm.getHostId()); @@ -2238,53 +2271,53 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, VirtualM deleteRules = false; } - if(deleteRules) - { - List forwardingRules = null; - forwardingRules = _rulesDao.listByPrivateIp(privateIpAddress); - - for(FirewallRuleVO rule: forwardingRules) - { - try - { - IPAddressVO publicIp = _ipAddressDao.findById(rule.getPublicIpAddress()); - - if(publicIp != null) - { - if((publicIp.getAccountId().longValue() == vm.getAccountId())) - { - if(publicIp.isOneToOneNat()){ - _networkMgr.deleteIpForwardingRule(rule.getId()); - if(s_logger.isDebugEnabled()) - s_logger.debug("Rule "+rule.getId()+" for vm:"+vm.getHostName()+" is deleted successfully during expunge operation"); - }else{ - _networkMgr.deletePortForwardingRule(rule.getId(),true);//delete the rule with the sys user's credentials - if(s_logger.isDebugEnabled()) - s_logger.debug("Rule "+rule.getId()+" for vm:"+vm.getHostName()+" is deleted successfully during expunge operation"); - } - } - } - } - catch(Exception e) - { - s_logger.warn("Failed to delete rule:"+rule.getId()+" for vm:"+vm.getHostName()); - } - } - } - - List vols = null; - try { - vols = _volsDao.findByInstanceIdDestroyed(vmId); - _storageMgr.destroy(vm, vols); - - _vmDao.remove(vm.getId()); - _networkGroupMgr.removeInstanceFromGroups(vm.getId()); - removeInstanceFromGroup(vm.getId()); - - s_logger.debug("vm is destroyed"); - } catch (Exception e) { - s_logger.info("VM " + vmId +" expunge failed due to " + e.getMessage()); - } +//FIXME if(deleteRules) +// { +// List forwardingRules = null; +// forwardingRules = _rulesDao.listByPrivateIp(privateIpAddress); +// +// for(PortForwardingRuleVO rule: forwardingRules) +// { +// try +// { +// IPAddressVO publicIp = _ipAddressDao.findById(rule.getSourceIpAddress()); +// +// if(publicIp != null) +// { +// if((publicIp.getAccountId().longValue() == vm.getAccountId())) +// { +// if(publicIp.isOneToOneNat()){ +// _networkMgr.deleteIpForwardingRule(rule.getId()); +// if(s_logger.isDebugEnabled()) +// s_logger.debug("Rule "+rule.getId()+" for vm:"+vm.getHostName()+" is deleted successfully during expunge operation"); +// }else{ +// _networkMgr.deletePortForwardingRule(rule.getId(),true);//delete the rule with the sys user's credentials +// if(s_logger.isDebugEnabled()) +// s_logger.debug("Rule "+rule.getId()+" for vm:"+vm.getHostName()+" is deleted successfully during expunge operation"); +// } +// } +// } +// } +// catch(Exception e) +// { +// s_logger.warn("Failed to delete rule:"+rule.getId()+" for vm:"+vm.getHostName()); +// } +// } +// } +// +// List vols = null; +// try { +// vols = _volsDao.findByInstanceIdDestroyed(vmId); +// _storageMgr.destroy(vm, vols); +// +// _vmDao.remove(vm.getId()); +// _networkGroupMgr.removeInstanceFromGroups(vm.getId()); +// removeInstanceFromGroup(vm.getId()); +// +// s_logger.debug("vm is destroyed"); +// } catch (Exception e) { +// s_logger.info("VM " + vmId +" expunge failed due to " + e.getMessage()); +// } } List destroyedVolumes = _volsDao.findByDetachedDestroyed(); @@ -2328,42 +2361,42 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, VirtualM @Override public void cleanNetworkRules(long userId, long instanceId) { - UserVmVO vm = _vmDao.findById(instanceId); - String guestIpAddr = vm.getGuestIpAddress(); - long accountId = vm.getAccountId(); - - List loadBalancerMappings = _loadBalancerVMMapDao.listByInstanceId(vm.getId()); - for (LoadBalancerVMMapVO loadBalancerMapping : loadBalancerMappings) { - List lbRules = _rulesDao.listByLoadBalancerId(loadBalancerMapping.getLoadBalancerId()); - FirewallRuleVO targetLbRule = null; - for (FirewallRuleVO lbRule : lbRules) { - if (lbRule.getPrivateIpAddress().equals(guestIpAddr)) { - targetLbRule = lbRule; - targetLbRule.setEnabled(false); - break; - } - } - - if (targetLbRule != null) { - String ipAddress = targetLbRule.getPublicIpAddress(); - DomainRouterVO router = _routerDao.findById(vm.getDomainRouterId()); - _networkMgr.updateFirewallRules(ipAddress, lbRules, router); - - // now that the rule has been disabled, delete it, also remove the mapping from the load balancer mapping table - _rulesDao.remove(targetLbRule.getId()); - _loadBalancerVMMapDao.remove(loadBalancerMapping.getId()); - - // save off the event for deleting the LB rule - EventVO lbRuleEvent = new EventVO(); - lbRuleEvent.setUserId(userId); - lbRuleEvent.setAccountId(accountId); - lbRuleEvent.setType(EventTypes.EVENT_NET_RULE_DELETE); - lbRuleEvent.setDescription("deleted load balancer rule [" + targetLbRule.getPublicIpAddress() + ":" + targetLbRule.getPublicPort() + - "]->[" + targetLbRule.getPrivateIpAddress() + ":" + targetLbRule.getPrivatePort() + "]" + " " + targetLbRule.getAlgorithm()); - lbRuleEvent.setLevel(EventVO.LEVEL_INFO); - _eventDao.persist(lbRuleEvent); - } - } +//FIXME UserVmVO vm = _vmDao.findById(instanceId); +// String guestIpAddr = vm.getGuestIpAddress(); +// long accountId = vm.getAccountId(); +// +// List loadBalancerMappings = _loadBalancerVMMapDao.listByInstanceId(vm.getId()); +// for (LoadBalancerVMMapVO loadBalancerMapping : loadBalancerMappings) { +// List lbRules = _rulesDao.listByLoadBalancerId(loadBalancerMapping.getLoadBalancerId()); +// PortForwardingRuleVO targetLbRule = null; +// for (PortForwardingRuleVO lbRule : lbRules) { +// if (lbRule.getDestinationIpAddress().equals(guestIpAddr)) { +// targetLbRule = lbRule; +// targetLbRule.setEnabled(false); +// break; +// } +// } +// +// if (targetLbRule != null) { +// String ipAddress = targetLbRule.getSourceIpAddress(); +// DomainRouterVO router = _routerDao.findById(vm.getDomainRouterId()); +// _networkMgr.updateFirewallRules(ipAddress, lbRules, router); +// +// // now that the rule has been disabled, delete it, also remove the mapping from the load balancer mapping table +// _rulesDao.remove(targetLbRule.getId()); +// _loadBalancerVMMapDao.remove(loadBalancerMapping.getId()); +// +// // save off the event for deleting the LB rule +// EventVO lbRuleEvent = new EventVO(); +// lbRuleEvent.setUserId(userId); +// lbRuleEvent.setAccountId(accountId); +// lbRuleEvent.setType(EventTypes.EVENT_NET_RULE_DELETE); +// lbRuleEvent.setDescription("deleted load balancer rule [" + targetLbRule.getSourceIpAddress() + ":" + targetLbRule.getSourcePort() + +// "]->[" + targetLbRule.getDestinationIpAddress() + ":" + targetLbRule.getDestinationPort() + "]" + " " + targetLbRule.getAlgorithm()); +// lbRuleEvent.setLevel(EventVO.LEVEL_INFO); +// _eventDao.persist(lbRuleEvent); +// } +// } } @Override @@ -2664,8 +2697,9 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, VirtualM long dataCenterId = dc.getId(); long serviceOfferingId = offering.getId(); long templateId = -1; - if (template != null) - templateId = template.getId(); + if (template != null) { + templateId = template.getId(); + } if (s_logger.isDebugEnabled()) { s_logger.debug("Creating directly attached vm for account id=" + account.getId() + @@ -2778,8 +2812,9 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, VirtualM for(VlanVO vlanForAcc : vlansForAccount) { guestIp = _ipAddressDao.assignIpAddress(accountId, account.getDomainId(), vlanForAcc.getId(), false); - if(guestIp!=null) - break; //got an ip + if(guestIp!=null) { + break; //got an ip + } } } else if(!forAccount && !forZone) @@ -2788,8 +2823,9 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, VirtualM for(VlanVO vlanForPod : vlansForPod) { guestIp = _ipAddressDao.assignIpAddress(accountId, account.getDomainId(), vlanForPod.getId(), false); - if(guestIp!=null) - break;//got an ip + if(guestIp!=null) { + break;//got an ip + } } } else @@ -2798,8 +2834,9 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, VirtualM for(VlanVO vlanForZone : zoneWideVlans) { guestIp = _ipAddressDao.assignIpAddress(accountId, account.getDomainId(), vlanForZone.getId(), false); - if(guestIp!=null) - break;//found an ip + if(guestIp!=null) { + break;//found an ip + } } } @@ -2861,10 +2898,11 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, VirtualM if (poolId == 0) { if(vm != null && vm.getHostName()!=null && vm.getDisplayName() != null) { - if(!vm.getHostName().equals(vm.getDisplayName())) - s_logger.debug("failed to create VM instance : " + name+"("+vm.getInstanceName()+")"); - else - s_logger.debug("failed to create VM instance : " + name); + if(!vm.getHostName().equals(vm.getDisplayName())) { + s_logger.debug("failed to create VM instance : " + name+"("+vm.getInstanceName()+")"); + } else { + s_logger.debug("failed to create VM instance : " + name); + } } else { @@ -2887,10 +2925,11 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, VirtualM String diskOfferingIdentifier = (diskOffering != null) ? String.valueOf(diskOffering.getId()) : "-1"; String eventParams = "id=" + vm.getId() + "\nvmName=" + vm.getHostName() + "\nsoId=" + vm.getServiceOfferingId() + "\ndoId=" + diskOfferingIdentifier + "\ntId=" + vm.getTemplateId() + "\ndcId=" + vm.getDataCenterId(); event.setParameters(eventParams); - if(!vm.getHostName().equals(vm.getDisplayName())) - event.setDescription("successfully created VM instance : " + vm.getHostName()+"("+vm.getInstanceName()+")"); - else - event.setDescription("successfully created VM instance : " + vm.getHostName()); + if(!vm.getHostName().equals(vm.getDisplayName())) { + event.setDescription("successfully created VM instance : " + vm.getHostName()+"("+vm.getInstanceName()+")"); + } else { + event.setDescription("successfully created VM instance : " + vm.getHostName()); + } _eventDao.persist(event); _vmDao.updateIf(vm, VirtualMachine.Event.OperationSucceeded, null); @@ -2916,8 +2955,9 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, VirtualM long dataCenterId = dc.getId(); long serviceOfferingId = offering.getId(); long templateId = -1; - if (template != null) - templateId = template.getId(); + if (template != null) { + templateId = template.getId(); + } if (s_logger.isDebugEnabled()) { s_logger.debug("Creating directly attached vm for account id=" + account.getId() + @@ -3015,10 +3055,11 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, VirtualM if (poolId == 0) { if(vm != null && vm.getHostName()!=null && vm.getDisplayName() != null) { - if(!vm.getHostName().equals(vm.getDisplayName())) - s_logger.debug("failed to create VM instance : " + name+"("+vm.getDisplayName()+")"); - else - s_logger.debug("failed to create VM instance : " + name); + if(!vm.getHostName().equals(vm.getDisplayName())) { + s_logger.debug("failed to create VM instance : " + name+"("+vm.getDisplayName()+")"); + } else { + s_logger.debug("failed to create VM instance : " + name); + } } else { @@ -3041,10 +3082,11 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, VirtualM String diskOfferingIdentifier = (diskOffering != null) ? String.valueOf(diskOffering.getId()) : "-1"; String eventParams = "id=" + vm.getId() + "\nvmName=" + vm.getHostName() + "\nsoId=" + vm.getServiceOfferingId() + "\ndoId=" + diskOfferingIdentifier + "\ntId=" + vm.getTemplateId() + "\ndcId=" + vm.getDataCenterId(); event.setParameters(eventParams); - if(!vm.getHostName().equals(vm.getDisplayName())) - event.setDescription("successfully created VM instance : " + vm.getHostName()+"("+vm.getDisplayName()+")"); - else - event.setDescription("successfully created VM instance : " + vm.getHostName()); + if(!vm.getHostName().equals(vm.getDisplayName())) { + event.setDescription("successfully created VM instance : " + vm.getHostName()+"("+vm.getDisplayName()+")"); + } else { + event.setDescription("successfully created VM instance : " + vm.getHostName()); + } _eventDao.persist(event); _vmDao.updateIf(vm, VirtualMachine.Event.OperationSucceeded, null); @@ -3185,8 +3227,9 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, VirtualM Long id = cmd.getId(); //if account is removed, return error - if(account!=null && account.getRemoved() != null) - throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "The account " + account.getId()+" is removed"); + if(account!=null && account.getRemoved() != null) { + throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "The account " + account.getId()+" is removed"); + } UserVmVO vmInstance = _vmDao.findById(id); if (vmInstance == null) { @@ -3215,8 +3258,9 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, VirtualM Long id = cmd.getId(); //if account is removed, return error - if(account!=null && account.getRemoved() != null) - throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "The account " + account.getId()+" is removed"); + if(account!=null && account.getRemoved() != null) { + throw new ServerApiException(BaseCmd.ACCOUNT_ERROR, "The account " + account.getId()+" is removed"); + } UserVmVO vmInstance = _vmDao.findById(id.longValue()); if (vmInstance == null) { @@ -3745,8 +3789,9 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, VirtualM Long userId = UserContext.current().getUserId(); //if account is removed, return error - if (caller != null && caller.getRemoved() != null) + if (caller != null && caller.getRemoved() != null) { throw new PermissionDeniedException("The account " + caller.getId()+" is removed"); + } UserVmVO vm = _vmDao.findById(vmId); if (vm == null) { @@ -3784,8 +3829,9 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, VirtualM Long userId = UserContext.current().getUserId(); //if account is removed, return error - if(account!=null && account.getRemoved() != null) + if(account!=null && account.getRemoved() != null) { throw new PermissionDeniedException("The account " + account.getId()+" is removed"); + } UserVmVO vm = _vmDao.findById(vmId); if (vm == null) { diff --git a/setup/db/create-index-fk.sql b/setup/db/create-index-fk.sql index 65fe768283f..259b2956a4c 100755 --- a/setup/db/create-index-fk.sql +++ b/setup/db/create-index-fk.sql @@ -58,8 +58,6 @@ ALTER TABLE `cloud`.`storage_pool` ADD CONSTRAINT `fk_storage_pool__cluster_id` ALTER TABLE `cloud`.`storage_pool_details` ADD CONSTRAINT `fk_storage_pool_details__pool_id` FOREIGN KEY `fk_storage_pool__pool_id`(`pool_id`) REFERENCES `storage_pool`(`id`) ON DELETE CASCADE; ALTER TABLE `cloud`.`storage_pool_details` ADD INDEX `i_storage_pool_details__name__value`(`name`(128), `value`(128)); -ALTER TABLE `cloud`.`op_networks` ADD CONSTRAINT `fk_op_networks__id` FOREIGN KEY `fk_op_networks__id`(`id`) REFERENCES `networks`(`id`) ON DELETE CASCADE; - ALTER TABLE `cloud`.`user` ADD INDEX `i_user__secret_key_removed`(`secret_key`, `removed`); ALTER TABLE `cloud`.`user` ADD INDEX `i_user__removed`(`removed`); ALTER TABLE `cloud`.`user` ADD UNIQUE `i_user__api_key`(`api_key`); diff --git a/setup/db/create-schema.sql b/setup/db/create-schema.sql index 89a2e66ba22..71e4fff2147 100755 --- a/setup/db/create-schema.sql +++ b/setup/db/create-schema.sql @@ -1,4 +1,5 @@ SET foreign_key_checks = 0; +DROP VIEW IF EXISTS `cloud`.`port_forwarding_rules_view`; DROP TABLE IF EXISTS `cloud`.`configuration`; DROP TABLE IF EXISTS `cloud`.`ip_forwarding`; DROP TABLE IF EXISTS `cloud`.`management_agent`; @@ -84,6 +85,10 @@ DROP TABLE IF EXISTS `cloud`.`instance_group`; DROP TABLE IF EXISTS `cloud`.`instance_group_vm_map`; DROP TABLE IF EXISTS `cloud`.`certificate`; DROP TABLE IF EXISTS `cloud`.`op_it_work`; +DROP TABLE IF EXISTS `cloud`.`load_balancing_ip_map`; +DROP TABLE IF EXISTS `cloud`.`load_balancing_rules`; +DROP TABLE IF EXISTS `cloud`.`port_forwarding_rules`; +DROP TABLE IF EXISTS `cloud`.`firewall_rules`; CREATE TABLE `cloud`.`op_it_work` ( `id` char(40) COMMENT 'id', @@ -106,7 +111,8 @@ CREATE TABLE `cloud`.`hypervsior_properties` ( CREATE TABLE `cloud`.`op_networks`( `id` bigint unsigned NOT NULL UNIQUE KEY, `mac_address_seq` bigint unsigned NOT NULL DEFAULT 1 COMMENT 'mac address', - PRIMARY KEY(`id`) + PRIMARY KEY(`id`), + CONSTRAINT `fk_op_networks__id` FOREIGN KEY (`id`) REFERENCES `networks`(`id`) ON DELETE CASCADE ) ENGINE=InnoDB DEFAULT CHARSET=utf8; CREATE TABLE `cloud`.`networks` ( @@ -425,6 +431,54 @@ CREATE TABLE `cloud`.`op_dc_vnet_alloc` ( PRIMARY KEY (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8; +CREATE TABLE `cloud`.`firewall_rules` ( + `id` bigint unsigned NOT NULL auto_increment COMMENT 'id', + `ip_address` bigint unsigned NOT NULL COMMENT 'id_address', + `start_port` int(10) NOT NULL default -1 COMMENT 'starting port of a port range', + `end_port` int(10) NOT NULL default -1 COMMENT 'end port of a port range', + `state` char(32) NOT NULL COMMENT 'current state of this rule', + `protocol` char(16) NOT NULL default 'TCP' COMMENT 'protocol to open these ports for', + `purpose` char(32) NOT NULL COMMENT 'why are these ports opened?', + `account_id` bigint unsigned NOT NULL COMMENT 'owner id', + `domain_id` bigint unsigned NOT NULL COMMENT 'domain id', + `xid` char(40) NOT NULL COMMENT 'external id', + `created` datetime COMMENT 'Date created', + PRIMARY KEY (`id`) +) ENGINE=InnoDB DEFAULT CHARSET=utf8; + +CREATE TABLE `cloud`.`load_balancing_rules` ( + `id` bigint unsigned NOT NULL, + `name` varchar(255) NOT NULL, + `description` varchar(4096) NULL COMMENT 'description', + `default_port_start` int(10) NOT NULL COMMENT 'default private port range start', + `default_port_end` int(10) NOT NULL COMMENT 'default destination port range end', + `algorithm` varchar(255) NOT NULL, + PRIMARY KEY (`id`), + CONSTRAINT `fk_load_balancing_rules__id` FOREIGN KEY(`id`) REFERENCES `firewall_rules`(`id`) ON DELETE CASCADE +) ENGINE=InnoDB DEFAULT CHARSET=utf8; + +CREATE TABLE `cloud`.`load_balancer_vm_map` ( + `id` bigint unsigned NOT NULL auto_increment, + `load_balancer_id` bigint unsigned NOT NULL, + `instance_id` bigint unsigned NOT NULL, + `pending` tinyint(1) unsigned NOT NULL DEFAULT 0 COMMENT 'whether the vm is being applied to the load balancer (pending=1) or has already been applied (pending=0)', + PRIMARY KEY (`id`), + UNIQUE KEY (`load_balancer_id`, `instance_id`), + CONSTRAINT `fk_load_balancer_vm_map__load_balancer_id` FOREIGN KEY(`load_balancer_id`) REFERENCES `load_balancing_rules`(`id`) ON DELETE CASCADE, + CONSTRAINT `fk_load_balancer_vm_map__instance_id` FOREIGN KEY(`instance_id`) REFERENCES `vm_instance`(`id`) ON DELETE CASCADE +) ENGINE=InnoDB DEFAULT CHARSET=utf8; + +CREATE TABLE `cloud`.`port_forwarding_rules` ( + `id` bigint unsigned NOT NULL COMMENT 'id', + `dest_ip_address` bigint unsigned NOT NULL COMMENT 'id_address', + `dest_port_start` int(10) NOT NULL COMMENT 'starting port of the port range to map to', + `dest_port_end` int(10) NOT NULL COMMENT 'end port of the the port range to map to', + PRIMARY KEY (`id`), + CONSTRAINT `fk_port_forwarding_rules__id` FOREIGN KEY(`id`) REFERENCES `firewall_rules`(`id`) ON DELETE CASCADE +) ENGINE=InnoDB DEFAULT CHARSET=utf8; + +CREATE VIEW `cloud`.`port_forwarding_rules_view` AS SELECT fw.id, INET_NTOA(fw.ip_address) as src_ip_address, INET_NTOA(pf.dest_ip_address), fw.start_port as src_port_start, pf.dest_port_start, fw.end_port as src_end_port, pf.dest_port_end as dest_end_port, fw.state, fw.protocol, fw.purpose, fw.account_id from firewall_rules as fw inner join port_forwarding_rules as pf on fw.id=pf.id; + CREATE TABLE `cloud`.`ip_forwarding` ( `id` bigint unsigned NOT NULL auto_increment, `group_id` bigint unsigned default NULL, @@ -439,6 +493,7 @@ CREATE TABLE `cloud`.`ip_forwarding` ( PRIMARY KEY (`id`) ) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8; + CREATE TABLE `cloud`.`host` ( `id` bigint unsigned NOT NULL auto_increment, `name` varchar(255) NOT NULL, @@ -946,14 +1001,6 @@ CREATE TABLE `cloud`.`security_group_vm_map` ( PRIMARY KEY (`id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8; -CREATE TABLE `cloud`.`load_balancer_vm_map` ( - `id` bigint unsigned NOT NULL auto_increment, - `load_balancer_id` bigint unsigned NOT NULL, - `instance_id` bigint unsigned NOT NULL, - `pending` tinyint(1) unsigned NOT NULL DEFAULT 0 COMMENT 'whether the vm is being applied to the load balancer (pending=1) or has already been applied (pending=0)', - PRIMARY KEY (`id`) -) ENGINE=InnoDB DEFAULT CHARSET=utf8; - CREATE TABLE `cloud`.`load_balancer` ( `id` bigint unsigned NOT NULL auto_increment, `name` varchar(255) NOT NULL, diff --git a/utils/src/com/cloud/utils/component/ComponentLibrary.java b/utils/src/com/cloud/utils/component/ComponentLibrary.java index d1b914a21f2..f1b67e073c1 100644 --- a/utils/src/com/cloud/utils/component/ComponentLibrary.java +++ b/utils/src/com/cloud/utils/component/ComponentLibrary.java @@ -23,8 +23,31 @@ import java.util.Map; import com.cloud.utils.component.ComponentLocator.ComponentInfo; import com.cloud.utils.db.GenericDao; +/** + * ComponentLibrary specifies the implementation classes that a server needs + * to do its work. You can specify the implementation class in the "library" + * attribute of the server element within components.xml. ComponentLocator + * first loads the implementations specified here, then, it loads the + * implementations from components.xml. If an interface is specified in both + * the ComponentLibrary and the components.xml for the same server, the interface + * within the components.xml overrides the one within ComponentLibrary. + * + */ public interface ComponentLibrary { + /** + * @return all of the daos + */ Map>> getDaos(); + + /** + * @return all of the Managers + */ Map> getManagers(); + + /** + * @return all of the adapters + */ Map>> getAdapters(); + + Map, Class> getFactories(); } diff --git a/utils/src/com/cloud/utils/component/ComponentLocator.java b/utils/src/com/cloud/utils/component/ComponentLocator.java index 39a13894611..ce326a15752 100755 --- a/utils/src/com/cloud/utils/component/ComponentLocator.java +++ b/utils/src/com/cloud/utils/component/ComponentLocator.java @@ -89,6 +89,7 @@ public class ComponentLocator implements ComponentLocatorMBean { protected LinkedHashMap>> _daoMap; protected String _serverName; protected Object _component; + protected HashMap, Class> _factories; static { Runtime.getRuntime().addShutdownHook(new CleanupThread()); @@ -114,6 +115,7 @@ public class ComponentLocator implements ComponentLocatorMBean { _daoMap = new LinkedHashMap>>(); _managerMap = new LinkedHashMap>(); _adapterMap = new HashMap>(); + _factories = new HashMap, Class>(); File file = PropertiesUtil.findConfigFile(filename); if (file == null) { s_logger.info("Unable to find " + filename); @@ -136,6 +138,7 @@ public class ComponentLocator implements ComponentLocatorMBean { adapters.putAll(parentLocator.parse2(parentFile).second()); _daoMap.putAll(parentLocator._daoMap); _managerMap.putAll(parentLocator._managerMap); + _factories.putAll(parentLocator._factories); } ComponentLibrary library = null; @@ -145,6 +148,7 @@ public class ComponentLocator implements ComponentLocatorMBean { _daoMap.putAll(library.getDaos()); _managerMap.putAll(library.getManagers()); adapters.putAll(library.getAdapters()); + _factories.putAll(library.getFactories()); } _daoMap.putAll(handler.daos); @@ -594,6 +598,14 @@ public class ComponentLocator implements ComponentLocatorMBean { return (T)createInstance(clazz, true, false); } + public T createInstance(Class clazz) { + Class impl = (Class)_factories.get(clazz); + if (impl == null) { + throw new CloudRuntimeException("Unable to find a factory for " + clazz); + } + return inject(impl); + } + public static T inject(Class clazz, Object... args) { return (T)createInstance(clazz, true, false, args); } diff --git a/utils/src/com/cloud/utils/db/GenericDao.java b/utils/src/com/cloud/utils/db/GenericDao.java index 2a373cca79d..78ed3a0feac 100755 --- a/utils/src/com/cloud/utils/db/GenericDao.java +++ b/utils/src/com/cloud/utils/db/GenericDao.java @@ -39,6 +39,11 @@ public interface GenericDao { */ static final String CREATED_COLUMN = "created"; + /** + * This column can be used if the value is exposed to the external. + */ + static final String XID_COLUMN = "xid"; + /** * Look for an entity bean using the database id. Does not lock the row. * @param id database unique id for the entity bean. diff --git a/utils/src/com/cloud/utils/db/GenericDaoBase.java b/utils/src/com/cloud/utils/db/GenericDaoBase.java index a5dab05daa9..51b994f392b 100755 --- a/utils/src/com/cloud/utils/db/GenericDaoBase.java +++ b/utils/src/com/cloud/utils/db/GenericDaoBase.java @@ -40,6 +40,7 @@ import java.util.HashMap; import java.util.List; import java.util.Map; import java.util.TimeZone; +import java.util.UUID; import javax.naming.ConfigurationException; import javax.persistence.AttributeOverride; @@ -67,6 +68,8 @@ import com.cloud.utils.Pair; import com.cloud.utils.Ternary; import com.cloud.utils.db.SearchCriteria.SelectType; import com.cloud.utils.exception.CloudRuntimeException; +import com.cloud.utils.net.Ip; +import com.cloud.utils.net.NetUtils; /** * GenericDaoBase is a simple way to implement DAOs. It DOES NOT @@ -529,6 +532,17 @@ public abstract class GenericDaoBase implements Gene } catch (MalformedURLException e) { throw new CloudRuntimeException("Invalid URL: " + rs.getString(index), e); } + } else if (type == Ip.class) { + final Enumerated enumerated = field.getAnnotation(Enumerated.class); + final EnumType enumType = (enumerated == null) ? EnumType.STRING : enumerated.value(); + + Ip ip = null; + if (enumType == EnumType.STRING) { + ip = new Ip(NetUtils.ip2Long(rs.getString(index))); + } else { + ip = new Ip(rs.getLong(index)); + } + field.set(entity, ip); } else if (type == short.class) { field.setShort(entity, rs.getShort(index)); } else if (type == Short.class) { @@ -582,7 +596,7 @@ public abstract class GenericDaoBase implements Gene throw new CloudRuntimeException("UnsupportedEncodingException exception while converting UTF-8 data"); } } else { - return (M)null; + return null; } } else if (type == int.class) { return (M)new Integer(rs.getInt(index)); @@ -827,8 +841,9 @@ public abstract class GenericDaoBase implements Gene @Override @DB(txn=false) public T findById(final ID id, boolean fresh) { - if(!fresh) - return findById(id); + if(!fresh) { + return findById(id); + } if (_cache != null) { _cache.remove(id); @@ -909,8 +924,9 @@ public abstract class GenericDaoBase implements Gene for(int i = 0; i < groupBys.size(); i++) { Attribute attr = groupBys.get(i); sql.append(attr.table).append(".").append(attr.columnName); - if(i < groupBys.size() - 1) - sql.append(", "); + if(i < groupBys.size() - 1) { + sql.append(", "); + } } } } @@ -1188,6 +1204,9 @@ public abstract class GenericDaoBase implements Gene return null; // Not sure what to do here. } else if (attr.is(Attribute.Flag.AutoGV)) { + if (attr.columnName == GenericDao.XID_COLUMN) { + UUID.randomUUID().toString(); + } assert (false) : "Auto generation is not supported."; return null; } else if (attr.is(Attribute.Flag.SequenceGV)) { @@ -1278,6 +1297,14 @@ public abstract class GenericDaoBase implements Gene pstmt.setURL(j, (URL)value); } else if (attr.field.getType() == byte[].class) { pstmt.setBytes(j, (byte[])value); + } else if (attr.field.getType() == Ip.class) { + final Enumerated enumerated = attr.field.getType().getAnnotation(Enumerated.class); + final EnumType type = (enumerated == null) ? EnumType.ORDINAL : enumerated.value(); + if (type == EnumType.STRING) { + pstmt.setString(j, value == null ? null : value.toString()); + } else if (type == EnumType.ORDINAL) { + pstmt.setLong(j, value != null ? null : ((Ip)value).longValue()); + } } else { pstmt.setObject(j, value); } diff --git a/utils/src/com/cloud/utils/db/GenericSearchBuilder.java b/utils/src/com/cloud/utils/db/GenericSearchBuilder.java index 0a3b7e47b1c..60f3ca8c3be 100644 --- a/utils/src/com/cloud/utils/db/GenericSearchBuilder.java +++ b/utils/src/com/cloud/utils/db/GenericSearchBuilder.java @@ -142,12 +142,21 @@ public class GenericSearchBuilder implements MethodInterceptor { if (name.startsWith("get")) { String fieldName = Character.toLowerCase(name.charAt(3)) + name.substring(4); set(fieldName); + return null; } else if (name.startsWith("is")) { String fieldName = Character.toLowerCase(name.charAt(2)) + name.substring(3); set(fieldName); + return null; } else { + name = name.toLowerCase(); + for (String fieldName : _attrs.keySet()) { + if (name.endsWith(fieldName.toLowerCase())) { + set(fieldName); + return null; + } + } assert false : "Perhaps you need to make the method start with get or is?"; - } + } return methodProxy.invokeSuper(object, args); } @@ -207,8 +216,9 @@ public class GenericSearchBuilder implements MethodInterceptor { } Attribute[] attrs = _specifiedAttrs.toArray(new Attribute[_specifiedAttrs.size()]); - for(Attribute attr : attrs) + for(Attribute attr : attrs) { _groupBys.add(attr); + } _specifiedAttrs.clear(); return this; diff --git a/utils/src/com/cloud/utils/db/SqlGenerator.java b/utils/src/com/cloud/utils/db/SqlGenerator.java index 183e8ec450a..6e53132373d 100755 --- a/utils/src/com/cloud/utils/db/SqlGenerator.java +++ b/utils/src/com/cloud/utils/db/SqlGenerator.java @@ -223,6 +223,18 @@ public class SqlGenerator { attr.setTrue(Attribute.Flag.Nullable); attr.setTrue(Attribute.Flag.Removed); } + + attr = findAttribute(GenericDao.XID_COLUMN); + if (attr != null && attr.field.getType() == String.class) { + attr.setTrue(Attribute.Flag.DaoGenerated); + attr.setFalse(Attribute.Flag.Insertable); + attr.setFalse(Attribute.Flag.Updatable); + attr.setFalse(Attribute.Flag.TimeStamp); + attr.setFalse(Attribute.Flag.Time); + attr.setFalse(Attribute.Flag.Date); + attr.setFalse(Attribute.Flag.Nullable); + attr.setFalse(Attribute.Flag.Removed); + } } public Attribute findAttribute(String name) { diff --git a/utils/src/com/cloud/utils/db/UpdateBuilder.java b/utils/src/com/cloud/utils/db/UpdateBuilder.java index fb5936e69c9..4ea4b0ae791 100755 --- a/utils/src/com/cloud/utils/db/UpdateBuilder.java +++ b/utils/src/com/cloud/utils/db/UpdateBuilder.java @@ -47,7 +47,7 @@ public class UpdateBuilder implements MethodInterceptor { makeIncrChange(name, args); } else if (name.startsWith("decr")) { makeDecrChange(name, args); - } + } return methodProxy.invokeSuper(object, args); } diff --git a/utils/src/com/cloud/utils/net/Ip.java b/utils/src/com/cloud/utils/net/Ip.java new file mode 100644 index 00000000000..1c3844d1ce7 --- /dev/null +++ b/utils/src/com/cloud/utils/net/Ip.java @@ -0,0 +1,78 @@ +/** + * Copyright (C) 2010 Cloud.com, Inc. All rights reserved. + * + * This software is licensed under the GNU General Public License v3 or later. + * + * It is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or any later version. + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + * + */ +package com.cloud.utils.net; + +import com.cloud.utils.NumbersUtil; + +/** + * Simple Ip implementation class that works with both ip4 and ip6. + * + */ +public class Ip { + long ip; + + public Ip(long ip) { + this.ip = ip; + } + + public Ip(String ip) { + this.ip = NetUtils.ip2Long(ip); + } + + protected Ip() { + } + + public String addr() { + return toString(); + } + + public long longValue() { + return ip; + } + + @Override + public String toString() { + return NetUtils.long2Ip(ip); + } + + public boolean isIp4() { + return ip < Integer.MAX_VALUE; + } + + public boolean isIp6() { + return ip > Integer.MAX_VALUE; + } + + @Override + public int hashCode() { + return NumbersUtil.hash(ip); + } + + @Override + public boolean equals(Object obj) { + if (obj instanceof Ip) { + return ip == ((Ip)obj).ip; + } else if (obj instanceof String) { + return ip == NetUtils.ip2Long((String)obj); + } else if (obj instanceof Long) { + return ip == (Long)obj; + } else { + return false; + } + } +} diff --git a/utils/src/com/cloud/utils/net/NetUtils.java b/utils/src/com/cloud/utils/net/NetUtils.java index 94a93b515e0..0c6d2d8cf88 100755 --- a/utils/src/com/cloud/utils/net/NetUtils.java +++ b/utils/src/com/cloud/utils/net/NetUtils.java @@ -89,8 +89,9 @@ public class NetUtils { } InetAddress[] addrs = new InetAddress[addrList.size()]; - if(addrList.size() > 0) - System.arraycopy(addrList.toArray(), 0, addrs, 0, addrList.size()); + if(addrList.size() > 0) { + System.arraycopy(addrList.toArray(), 0, addrs, 0, addrList.size()); + } return addrs; } @@ -98,11 +99,13 @@ public class NetUtils { InetAddress[] addrs = getAllLocalInetAddresses(); if(addrs != null) { for(InetAddress addr : addrs) { - if(s_logger.isInfoEnabled()) - s_logger.info("Check local InetAddress : " + addr.toString() + ", total count :" + addrs.length); + if(s_logger.isInfoEnabled()) { + s_logger.info("Check local InetAddress : " + addr.toString() + ", total count :" + addrs.length); + } - if(!addr.isLoopbackAddress()) - return addr; + if(!addr.isLoopbackAddress()) { + return addr; + } } } @@ -125,8 +128,9 @@ public class NetUtils { } InetAddress[] addrs = new InetAddress[addrList.size()]; - if(addrList.size() > 0) - System.arraycopy(addrList.toArray(), 0, addrs, 0, addrList.size()); + if(addrList.size() > 0) { + System.arraycopy(addrList.toArray(), 0, addrs, 0, addrList.size()); + } return addrs; } @@ -151,8 +155,9 @@ public class NetUtils { if(addrs != null) { for(InetAddress self : addrs) { - if(self.equals(addr)) - return true; + if(self.equals(addr)) { + return true; + } } } return false; @@ -191,8 +196,9 @@ public class NetUtils { NetworkInterface ni = NetworkInterface.getByInetAddress(address); byte[] mac = ni.getHardwareAddress(); - for (int i = 0; i < mac.length; i++) - macAddressAsLong |= ((long)(mac[i] & 0xff) << (mac.length - i - 1)*8); + for (int i = 0; i < mac.length; i++) { + macAddressAsLong |= ((long)(mac[i] & 0xff) << (mac.length - i - 1)*8); + } } catch (SocketException e) { s_logger.error("SocketException when trying to retrieve MAC address", e); @@ -337,8 +343,9 @@ public class NetUtils { public static boolean isValidPrivateIp(String ipAddress, String guestIPAddress) { InetAddress privIp = parseIpAddress(ipAddress); - if (privIp == null) - return false; + if (privIp == null) { + return false; + } if (!privIp.isSiteLocalAddress()) { return false; } @@ -350,7 +357,9 @@ public class NetUtils { } String[] ipList = ipAddress.split("\\."); - if (!ipList[0].equals(firstGuestOctet)) return false; + if (!ipList[0].equals(firstGuestOctet)) { + return false; + } return true; } @@ -365,7 +374,9 @@ public class NetUtils { } public static boolean validIpRange(String startIP, String endIP) { - if (endIP == null || endIP.isEmpty()) return true; + if (endIP == null || endIP.isEmpty()) { + return true; + } long startIPLong = NetUtils.ip2Long(startIP); long endIPLong = NetUtils.ip2Long(endIP); @@ -390,10 +401,14 @@ public class NetUtils { return false; } // Each octet must be between 0 and 255, inclusive - if (octet < 0 || octet > 255) return false; + if (octet < 0 || octet > 255) { + return false; + } // Each octetString must have between 1 and 3 characters - if (octetString.length() < 1 || octetString.length() > 3) return false; + if (octetString.length() < 1 || octetString.length() > 3) { + return false; + } } @@ -402,12 +417,18 @@ public class NetUtils { } public static boolean isValidCIDR(final String cidr) { - if (cidr == null || cidr.isEmpty()) return false; + if (cidr == null || cidr.isEmpty()) { + return false; + } String[] cidrPair = cidr.split("\\/"); - if (cidrPair.length != 2) return false; + if (cidrPair.length != 2) { + return false; + } String cidrAddress = cidrPair[0]; String cidrSize = cidrPair[1]; - if (!isValidIp(cidrAddress)) return false; + if (!isValidIp(cidrAddress)) { + return false; + } int cidrSizeNum = -1; try { @@ -416,14 +437,17 @@ public class NetUtils { return false; } - if (cidrSizeNum < 0 || cidrSizeNum > 32) return false; + if (cidrSizeNum < 0 || cidrSizeNum > 32) { + return false; + } return true; } public static boolean isValidNetmask(String netmask) { - if (!isValidIp(netmask)) - return false; + if (!isValidIp(netmask)) { + return false; + } long ip = ip2Long(netmask); int count = 0; @@ -432,14 +456,16 @@ public class NetUtils { if (((ip >> i) & 0x1) == 0) { finished = true; } else { - if (finished) - return false; + if (finished) { + return false; + } count += 1; } } - if (count == 0) - return false; + if (count == 0) { + return false; + } return true; } @@ -523,7 +549,9 @@ public class NetUtils { } public static boolean sameSubnet(final String ip1, final String ip2, final String netmask) { - if (ip1 == null || ip1.isEmpty() || ip2 == null || ip2.isEmpty()) return true; + if (ip1 == null || ip1.isEmpty() || ip2 == null || ip2.isEmpty()) { + return true; + } String subnet1 = NetUtils.getSubNet(ip1, netmask); String subnet2 = NetUtils.getSubNet(ip2, netmask); @@ -531,7 +559,9 @@ public class NetUtils { } public static boolean sameSubnetCIDR(final String ip1, final String ip2, final long cidrSize) { - if (ip1 == null || ip1.isEmpty() || ip2 == null || ip2.isEmpty()) return true; + if (ip1 == null || ip1.isEmpty() || ip2 == null || ip2.isEmpty()) { + return true; + } String subnet1 = NetUtils.getCidrSubNet(ip1, cidrSize); String subnet2 = NetUtils.getCidrSubNet(ip2, cidrSize); @@ -557,8 +587,9 @@ public class NetUtils { long result = ipAddr & subnet; int bits = (subnet == 0)?0:1; long subnet2 = subnet; - while ((subnet2 = (subnet2 >> 1) & subnet) != 0 ) - bits++; + while ((subnet2 = (subnet2 >> 1) & subnet) != 0 ) { + bits++; + } return long2Ip(result) + "/" + Integer.toString(bits); } @@ -569,8 +600,9 @@ public class NetUtils { long start = (ipAddr & subnet) + 1; long end = start; int bits = (subnet == 0)?0:1; - while ((subnet = (subnet >> 1) & subnet) != 0 ) - bits++; + while ((subnet = (subnet >> 1) & subnet) != 0 ) { + bits++; + } end = end >> (32 - bits); end++; @@ -590,12 +622,18 @@ public class NetUtils { } public static Long cidrToLong(String cidr) { - if (cidr == null || cidr.isEmpty()) return null; + if (cidr == null || cidr.isEmpty()) { + return null; + } String[] cidrPair = cidr.split("\\/"); - if (cidrPair.length != 2) return null; + if (cidrPair.length != 2) { + return null; + } String cidrAddress = cidrPair[0]; String cidrSize = cidrPair[1]; - if (!isValidIp(cidrAddress)) return null; + if (!isValidIp(cidrAddress)) { + return null; + } int cidrSizeNum = -1; try { @@ -609,12 +647,18 @@ public class NetUtils { } public static String getCidrSubNet(String cidr) { - if (cidr == null || cidr.isEmpty()) return null; + if (cidr == null || cidr.isEmpty()) { + return null; + } String[] cidrPair = cidr.split("\\/"); - if (cidrPair.length != 2) return null; + if (cidrPair.length != 2) { + return null; + } String cidrAddress = cidrPair[0]; String cidrSize = cidrPair[1]; - if (!isValidIp(cidrAddress)) return null; + if (!isValidIp(cidrAddress)) { + return null; + } int cidrSizeNum = -1; try { @@ -660,6 +704,10 @@ public class NetUtils { } } + public static boolean isValidPort(int p) { + return !(p > 65535 || p < 1); + } + public static boolean isValidLBPort(String p) { try { int port = Integer.parseInt(p); From bb78986ddbeb537dda9d32091e0487aa77c76725 Mon Sep 17 00:00:00 2001 From: Alex Huang Date: Thu, 2 Dec 2010 10:52:00 -0800 Subject: [PATCH 02/70] port forwarding working --- .../commands/CreatePortForwardingRuleCmd.java | 2 +- .../DefaultComponentLibrary.java | 7 ++- .../src/com/cloud/network/LoadBalancerVO.java | 6 +-- .../com/cloud/network/NetworkManagerImpl.java | 21 +++++++- .../network/dao/FirewallRulesDaoImpl.java | 2 +- .../cloud/network/rules/FirewallRuleVO.java | 5 +- .../network/rules/PortForwardingRuleVO.java | 2 +- .../cloud/network/rules/RulesManagerImpl.java | 48 +++++------------ .../rules/dao/PortForwardingRulesDao.java | 8 +++ ...l.java => PortForwardingRulesDaoImpl.java} | 21 ++++++-- .../com/cloud/user/AccountManagerImpl.java | 53 ++++++++++++------- setup/db/create-schema.sql | 8 ++- utils/src/com/cloud/utils/db/Attribute.java | 1 - .../com/cloud/utils/db/GenericDaoBase.java | 2 +- 14 files changed, 114 insertions(+), 72 deletions(-) rename server/src/com/cloud/network/rules/dao/{PortForwardingRuleDaoImpl.java => PortForwardingRulesDaoImpl.java} (71%) diff --git a/api/src/com/cloud/api/commands/CreatePortForwardingRuleCmd.java b/api/src/com/cloud/api/commands/CreatePortForwardingRuleCmd.java index dca0fbf816e..9917f3eaa2b 100644 --- a/api/src/com/cloud/api/commands/CreatePortForwardingRuleCmd.java +++ b/api/src/com/cloud/api/commands/CreatePortForwardingRuleCmd.java @@ -171,7 +171,7 @@ public class CreatePortForwardingRuleCmd extends BaseCmd implements PortForwardi @Override public Ip getDestinationIpAddress() { - throw new UnsupportedOperationException("Not implemented yet"); + return null; } @Override diff --git a/server/src/com/cloud/configuration/DefaultComponentLibrary.java b/server/src/com/cloud/configuration/DefaultComponentLibrary.java index 99dc726a6cf..b1ba2a8b619 100644 --- a/server/src/com/cloud/configuration/DefaultComponentLibrary.java +++ b/server/src/com/cloud/configuration/DefaultComponentLibrary.java @@ -61,7 +61,6 @@ import com.cloud.maid.dao.StackMaidDaoImpl; import com.cloud.maint.UpgradeManagerImpl; import com.cloud.maint.dao.AgentUpgradeDaoImpl; import com.cloud.network.NetworkManagerImpl; -import com.cloud.network.dao.FirewallRulesDao; import com.cloud.network.dao.FirewallRulesDaoImpl; import com.cloud.network.dao.IPAddressDaoImpl; import com.cloud.network.dao.LoadBalancerDaoImpl; @@ -72,6 +71,8 @@ import com.cloud.network.dao.RemoteAccessVpnDaoImpl; import com.cloud.network.dao.VpnUserDaoImpl; import com.cloud.network.lb.LoadBalancingRulesManagerImpl; import com.cloud.network.router.DomainRouterManagerImpl; +import com.cloud.network.rules.RulesManagerImpl; +import com.cloud.network.rules.dao.PortForwardingRulesDaoImpl; import com.cloud.network.security.NetworkGroupManagerImpl; import com.cloud.network.security.dao.IngressRuleDaoImpl; import com.cloud.network.security.dao.NetworkGroupDaoImpl; @@ -226,7 +227,8 @@ public class DefaultComponentLibrary implements ComponentLibrary { addDao("RemoteAccessVpnDao", RemoteAccessVpnDaoImpl.class); addDao("VpnUserDao", VpnUserDaoImpl.class); addDao("ItWorkDao", ItWorkDaoImpl.class); - addDao("FirewallRulesDao", FirewallRulesDao.class); + addDao("FirewallRulesDao", FirewallRulesDaoImpl.class); + addDao("PortForwardingRulesDao", PortForwardingRulesDaoImpl.class); } Map> _managers = new HashMap>(); @@ -279,6 +281,7 @@ public class DefaultComponentLibrary implements ComponentLibrary { addManager("DomainRouterManager", DomainRouterManagerImpl.class); addManager("EntityManager", EntityManagerImpl.class); addManager("LoadBalancingRulesManager", LoadBalancingRulesManagerImpl.class); + addManager("RulesManager", RulesManagerImpl.class); } protected List> addAdapterChain(Class interphace, List>> adapters) { diff --git a/server/src/com/cloud/network/LoadBalancerVO.java b/server/src/com/cloud/network/LoadBalancerVO.java index 7e7788f7c60..a0c6e0be4cb 100644 --- a/server/src/com/cloud/network/LoadBalancerVO.java +++ b/server/src/com/cloud/network/LoadBalancerVO.java @@ -21,9 +21,9 @@ package com.cloud.network; import java.util.List; import javax.persistence.Column; +import javax.persistence.DiscriminatorValue; import javax.persistence.Entity; import javax.persistence.PrimaryKeyJoinColumn; -import javax.persistence.SecondaryTable; import javax.persistence.Table; import com.cloud.network.rules.FirewallRuleVO; @@ -33,8 +33,8 @@ import com.cloud.utils.net.NetUtils; @Entity @Table(name=("load_balancer")) -@SecondaryTable(name="account", - pkJoinColumns={@PrimaryKeyJoinColumn(name="account_id", referencedColumnName="id")}) +@DiscriminatorValue(value="LoadBalancing") +@PrimaryKeyJoinColumn(name="id") public class LoadBalancerVO extends FirewallRuleVO implements LoadBalancer { @Column(name="name") diff --git a/server/src/com/cloud/network/NetworkManagerImpl.java b/server/src/com/cloud/network/NetworkManagerImpl.java index 9c0b37e240c..e5c764382cf 100755 --- a/server/src/com/cloud/network/NetworkManagerImpl.java +++ b/server/src/com/cloud/network/NetworkManagerImpl.java @@ -2124,7 +2124,24 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag @Override public boolean applyRules(Ip ip, List rules, boolean continueOnError) throws ResourceUnavailableException { - // TODO Auto-generated method stub - return false; + if (rules.size() == 0) { + s_logger.debug("There are no rules to forward to the network elements"); + return true; + } + + Network network = _networkConfigDao.findById(rules.get(0).getNetworkId()); + for (NetworkElement ne : _networkElements) { + try { + boolean handled = ne.applyRules(network, rules); + s_logger.debug("Network Rules for " + ip + " were " + (handled ? "" : " not") + " handled by " + ne.getName()); + } catch (ResourceUnavailableException e) { + if (!continueOnError) { + throw e; + } + s_logger.warn("Problems with " + ne.getName() + " but pushing on", e); + } + } + + return true; } } diff --git a/server/src/com/cloud/network/dao/FirewallRulesDaoImpl.java b/server/src/com/cloud/network/dao/FirewallRulesDaoImpl.java index d7a507a8195..d0720ba0de8 100644 --- a/server/src/com/cloud/network/dao/FirewallRulesDaoImpl.java +++ b/server/src/com/cloud/network/dao/FirewallRulesDaoImpl.java @@ -33,7 +33,7 @@ import com.cloud.utils.db.SearchCriteria; import com.cloud.utils.db.SearchCriteria.Op; import com.cloud.utils.net.Ip; -@Local(value = { FirewallRulesDao.class }) @DB(txn=false) +@Local(value=FirewallRulesDao.class) @DB(txn=false) public class FirewallRulesDaoImpl extends GenericDaoBase implements FirewallRulesDao { private static final Logger s_logger = Logger.getLogger(FirewallRulesDaoImpl.class); diff --git a/server/src/com/cloud/network/rules/FirewallRuleVO.java b/server/src/com/cloud/network/rules/FirewallRuleVO.java index 84cc86b9a38..51ce6515d93 100644 --- a/server/src/com/cloud/network/rules/FirewallRuleVO.java +++ b/server/src/com/cloud/network/rules/FirewallRuleVO.java @@ -58,10 +58,10 @@ public class FirewallRuleVO implements FirewallRule { @Column(name="ip_address", updatable=false) Ip sourceIpAddress; - @Column(name="port_start", updatable=false) + @Column(name="start_port", updatable=false) int sourcePortStart; - @Column(name="port_end", updatable=false) + @Column(name="end_port", updatable=false) int sourcePortEnd; @Column(name="protocol", updatable=false) @@ -135,6 +135,7 @@ public class FirewallRuleVO implements FirewallRule { return state; } + @Override public long getNetworkId() { return networkId; } diff --git a/server/src/com/cloud/network/rules/PortForwardingRuleVO.java b/server/src/com/cloud/network/rules/PortForwardingRuleVO.java index 180d5cbbe8e..e9112a500fc 100644 --- a/server/src/com/cloud/network/rules/PortForwardingRuleVO.java +++ b/server/src/com/cloud/network/rules/PortForwardingRuleVO.java @@ -29,7 +29,7 @@ import javax.persistence.Table; import com.cloud.utils.net.Ip; @Entity -@Table(name=("port_forwarding_rule")) +@Table(name=("port_forwarding_rules")) @DiscriminatorValue(value="PortForwarding") @PrimaryKeyJoinColumn(name="id") public class PortForwardingRuleVO extends FirewallRuleVO implements PortForwardingRule { diff --git a/server/src/com/cloud/network/rules/RulesManagerImpl.java b/server/src/com/cloud/network/rules/RulesManagerImpl.java index 2aef929dde6..921c7d1e998 100644 --- a/server/src/com/cloud/network/rules/RulesManagerImpl.java +++ b/server/src/com/cloud/network/rules/RulesManagerImpl.java @@ -56,7 +56,7 @@ import com.cloud.vm.Nic; import com.cloud.vm.UserVmVO; import com.cloud.vm.dao.UserVmDao; -@Local(value=RulesManager.class) +@Local(value={RulesManager.class, RulesService.class}) public class RulesManagerImpl implements RulesManager, RulesService, Manager { private static final Logger s_logger = Logger.getLogger(RulesManagerImpl.class); String _name; @@ -254,11 +254,21 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager { // FIXME: Not working yet. return null; } - + @Override public List listPortForwardingRules(ListPortForwardingRulesCmd cmd) { - // TODO Auto-generated method stub - return null; + Ip ipAddress = new Ip(cmd.getIpAddress()); + Account caller = UserContext.current().getAccount(); + + IPAddressVO ipAddressVO = _ipAddressDao.findById(ipAddress.addr()); + if (ipAddressVO == null || ipAddressVO.getAllocated() == null) { + throw new InvalidParameterValueException("Unable to find IP address " + ipAddress); + } + + List rules = _forwardingDao.listByIpAndNotRevoked(ipAddress); + _accountMgr.checkAccess(caller, rules.toArray(new PortForwardingRuleVO[rules.size()])); + + return rules; } @Override @@ -666,36 +676,6 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager { // return newFwRule; // } // -// @Override -// public List listPortForwardingRules(ListPortForwardingRulesCmd cmd) throws InvalidParameterValueException, PermissionDeniedException { -// String ipAddress = cmd.getIpAddress(); -// Account account = UserContext.current().getAccount(); -// -// IPAddressVO ipAddressVO = _ipAddressDao.findById(ipAddress); -// if (ipAddressVO == null) { -// throw new InvalidParameterValueException("Unable to find IP address " + ipAddress); -// } -// -// Account addrOwner = _accountDao.findById(ipAddressVO.getAccountId()); -// -// // if an admin account was passed in, or no account was passed in, make sure we honor the accountName/domainId parameters -// if ((account != null) && isAdmin(account.getType())) { -// if (ipAddressVO.getAccountId() != null) { -// if ((addrOwner != null) && !_domainDao.isChildDomain(account.getDomainId(), addrOwner.getDomainId())) { -// throw new PermissionDeniedException("Unable to list port forwarding rules for address " + ipAddress + ", permission denied for account " + account.getId()); -// } -// } -// } else { -// if (account != null) { -// if ((ipAddressVO.getAccountId() == null) || (account.getId() != ipAddressVO.getAccountId().longValue())) { -// throw new PermissionDeniedException("Unable to list port forwarding rules for address " + ipAddress + ", permission denied for account " + account.getId()); -// } -// } -// } -// -// return _rulesDao.listIPForwarding(cmd.getIpAddress(), true); -// } - // @Override @DB // public boolean deletePortForwardingRule(Long id, boolean sysContext) { // Long ruleId = id; diff --git a/server/src/com/cloud/network/rules/dao/PortForwardingRulesDao.java b/server/src/com/cloud/network/rules/dao/PortForwardingRulesDao.java index 9156eae8e54..c9d3bcb0d99 100644 --- a/server/src/com/cloud/network/rules/dao/PortForwardingRulesDao.java +++ b/server/src/com/cloud/network/rules/dao/PortForwardingRulesDao.java @@ -25,4 +25,12 @@ import com.cloud.utils.net.Ip; public interface PortForwardingRulesDao extends GenericDao { List listForApplication(Ip ip); + + /** + * Find all port forwarding rules that have not been revoked. + * + * @param ip ip address + * @return List of PortForwardingRuleVO + */ + List listByIpAndNotRevoked(Ip ip); } diff --git a/server/src/com/cloud/network/rules/dao/PortForwardingRuleDaoImpl.java b/server/src/com/cloud/network/rules/dao/PortForwardingRulesDaoImpl.java similarity index 71% rename from server/src/com/cloud/network/rules/dao/PortForwardingRuleDaoImpl.java rename to server/src/com/cloud/network/rules/dao/PortForwardingRulesDaoImpl.java index a4a45f8c0a5..fdea05416ce 100644 --- a/server/src/com/cloud/network/rules/dao/PortForwardingRuleDaoImpl.java +++ b/server/src/com/cloud/network/rules/dao/PortForwardingRulesDaoImpl.java @@ -30,12 +30,13 @@ import com.cloud.utils.db.SearchCriteria.Op; import com.cloud.utils.net.Ip; @Local(value=PortForwardingRulesDao.class) -public class PortForwardingRuleDaoImpl extends GenericDaoBase implements PortForwardingRulesDao { +public class PortForwardingRulesDaoImpl extends GenericDaoBase implements PortForwardingRulesDao { protected final SearchBuilder AllFieldsSearch; - protected final SearchBuilder ApplicationSearch; + protected final SearchBuilder ApplicationSearch; + protected final SearchBuilder ActiveRulesSearch; - protected PortForwardingRuleDaoImpl() { + protected PortForwardingRulesDaoImpl() { super(); AllFieldsSearch = createSearchBuilder(); AllFieldsSearch.and("id", AllFieldsSearch.entity().getId(), Op.EQ); @@ -44,6 +45,11 @@ public class PortForwardingRuleDaoImpl extends GenericDaoBase listByIpAndNotRevoked(Ip ip) { + SearchCriteria sc = ActiveRulesSearch.create(); + sc.setParameters("ip", ip); + sc.setParameters("state", State.Revoke); + + return listBy(sc, null); + } } diff --git a/server/src/com/cloud/user/AccountManagerImpl.java b/server/src/com/cloud/user/AccountManagerImpl.java index 290c8280104..b58eec19b80 100755 --- a/server/src/com/cloud/user/AccountManagerImpl.java +++ b/server/src/com/cloud/user/AccountManagerImpl.java @@ -557,7 +557,9 @@ public class AccountManagerImpl implements AccountManager, AccountService { accountId = userAccount.getId(); } - if (accountId != null) domainId = null; + if (accountId != null) { + domainId = null; + } @@ -701,7 +703,6 @@ public class AccountManagerImpl implements AccountManager, AccountService { } } } - private boolean doSetUserStatus(long userId, String state) { UserVO userForUpdate = _userDao.createForUpdate(); @@ -738,6 +739,7 @@ public class AccountManagerImpl implements AccountManager, AccountService { return success; } + @Override public boolean deleteUserInternal(long userId, long startEventId) { UserAccount userAccount = null; Long accountId = null; @@ -789,8 +791,9 @@ public class AccountManagerImpl implements AccountManager, AccountService { return false; }finally{ long domainId = 0L; - if (userAccount != null) + if (userAccount != null) { domainId = userAccount.getDomainId(); + } String description = "User " + username + " (id: " + userId + ") for accountId = " + accountId + " and domainId = " + domainId; if(result){ EventUtils.saveEvent(UserContext.current().getUserId(), accountId, EventVO.LEVEL_INFO, EventTypes.EVENT_USER_DELETE, "Successfully deleted " +description, startEventId); @@ -800,6 +803,7 @@ public class AccountManagerImpl implements AccountManager, AccountService { } } + @Override public boolean deleteAccount(AccountVO account) { long accountId = account.getId(); long userId = 1L; // only admins can delete users, pass in userId 1 XXX: Shouldn't it be userId 2. @@ -927,6 +931,7 @@ public class AccountManagerImpl implements AccountManager, AccountService { } } + @Override public boolean disableAccount(long accountId) { boolean success = false; if (accountId <= 2) { @@ -1168,8 +1173,9 @@ public class AccountManagerImpl implements AccountManager, AccountService { //Check if user exists in the system User user = _userDao.findById(userId); - if ((user == null) || (user.getRemoved() != null)) + if ((user == null) || (user.getRemoved() != null)) { throw new InvalidParameterValueException("Unable to find active user by id " + userId); + } // If the user is a System user, return an error Account account = _accountDao.findById(user.getAccountId()); @@ -1191,10 +1197,11 @@ public class AccountManagerImpl implements AccountManager, AccountService { } // there are no enabled users attached to this user's account, disable the account - if (disableAccount(user.getAccountId())) + if (disableAccount(user.getAccountId())) { return _userAccountDao.findById(userId); - else + } else { throw new CloudRuntimeException("Unable to disable corresponding account for the user " + userId); + } } else { throw new CloudRuntimeException("Unable to disable user " + userId); @@ -1209,8 +1216,9 @@ public class AccountManagerImpl implements AccountManager, AccountService { //Check if user exists in the system User user = _userDao.findById(userId); - if ((user == null) || (user.getRemoved() != null)) + if ((user == null) || (user.getRemoved() != null)) { throw new InvalidParameterValueException("Unable to find active user by id " + userId); + } // If the user is a System user, return an error Account account = _accountDao.findById(user.getAccountId()); @@ -1227,9 +1235,11 @@ public class AccountManagerImpl implements AccountManager, AccountService { // make sure the account is enabled too success = (success && enableAccount(user.getAccountId())); - if (success) + if (success) { return _userAccountDao.findById(userId); - else throw new CloudRuntimeException("Unable to enable user " + userId); + } else { + throw new CloudRuntimeException("Unable to enable user " + userId); + } } @Override @@ -1283,10 +1293,11 @@ public class AccountManagerImpl implements AccountManager, AccountService { } } - if (success) + if (success) { return _userAccountDao.findById(id); - else + } else { throw new CloudRuntimeException("Unable to lock user " + id); + } } @Override @@ -1335,10 +1346,11 @@ public class AccountManagerImpl implements AccountManager, AccountService { } success = enableAccount(account.getId()); - if (success) + if (success) { return _accountDao.findById(account.getId()); - else + } else { throw new CloudRuntimeException("Unable to enable account " + accountName + " in domain " + domainId); + } } @Override @@ -1361,10 +1373,11 @@ public class AccountManagerImpl implements AccountManager, AccountService { throw new InvalidParameterValueException("can not lock system account"); } - if (lockAccountInternal(account.getId())) + if (lockAccountInternal(account.getId())) { return _accountDao.findById(account.getId()); - else + } else { throw new CloudRuntimeException("Unable to lock account " + accountName + " in domain " + domainId); + } } @Override @@ -1381,10 +1394,11 @@ public class AccountManagerImpl implements AccountManager, AccountService { if (account == null) { throw new InvalidParameterValueException("Unable to find account " + accountName + " in domain " + domainId); } - if (disableAccount(account.getId())) + if (disableAccount(account.getId())) { return _accountDao.findById(account.getId()); - else + } else { throw new CloudRuntimeException("Unable to update account " + accountName + " in domain " + domainId); + } } @Override @@ -1426,10 +1440,11 @@ public class AccountManagerImpl implements AccountManager, AccountService { acctForUpdate.setAccountName(newAccountName); success = _accountDao.update(Long.valueOf(account.getId()), acctForUpdate); } - if (success) + if (success) { return _accountDao.findById(account.getId()); - else + } else { throw new CloudRuntimeException("Unable to update account " + accountName + " in domain " + domainId); + } } } diff --git a/setup/db/create-schema.sql b/setup/db/create-schema.sql index 71e4fff2147..d4abe6d7e7e 100755 --- a/setup/db/create-schema.sql +++ b/setup/db/create-schema.sql @@ -433,7 +433,7 @@ CREATE TABLE `cloud`.`op_dc_vnet_alloc` ( CREATE TABLE `cloud`.`firewall_rules` ( `id` bigint unsigned NOT NULL auto_increment COMMENT 'id', - `ip_address` bigint unsigned NOT NULL COMMENT 'id_address', + `ip_address` bigint unsigned NOT NULL COMMENT 'ip_address', `start_port` int(10) NOT NULL default -1 COMMENT 'starting port of a port range', `end_port` int(10) NOT NULL default -1 COMMENT 'end port of a port range', `state` char(32) NOT NULL COMMENT 'current state of this rule', @@ -441,9 +441,13 @@ CREATE TABLE `cloud`.`firewall_rules` ( `purpose` char(32) NOT NULL COMMENT 'why are these ports opened?', `account_id` bigint unsigned NOT NULL COMMENT 'owner id', `domain_id` bigint unsigned NOT NULL COMMENT 'domain id', + `network_id` bigint unsigned NOT NULL COMMENT 'network id', `xid` char(40) NOT NULL COMMENT 'external id', `created` datetime COMMENT 'Date created', - PRIMARY KEY (`id`) + PRIMARY KEY (`id`), + CONSTRAINT `fk_firewall_rules__network_id` FOREIGN KEY(`network_id`) REFERENCES `network`(`id`) ON DELETE CASCADE, + CONSTRAINT `fk_firewall_rules__account_id` FOREIGN KEY(`account_id`) REFERENCES `account`(`id`) ON DELETE CASCADE, + CONSTRAINT `fk_firewall_rules__domain_id` FOREIGN KEY(`domain_id`) REFERENCES `domain`(`id`) ON DELETE CASCADE, ) ENGINE=InnoDB DEFAULT CHARSET=utf8; CREATE TABLE `cloud`.`load_balancing_rules` ( diff --git a/utils/src/com/cloud/utils/db/Attribute.java b/utils/src/com/cloud/utils/db/Attribute.java index 6967c5fe323..82a071adc40 100755 --- a/utils/src/com/cloud/utils/db/Attribute.java +++ b/utils/src/com/cloud/utils/db/Attribute.java @@ -113,7 +113,6 @@ public class Attribute { flags = Flag.Insertable.setTrue(flags); flags = Flag.TableGV.setTrue(flags); } else if (gv.strategy() == GenerationType.AUTO) { - assert (false) : "Auto generation not supported."; flags = Flag.DaoGenerated.setTrue(flags); flags = Flag.Insertable.setTrue(flags); flags = Flag.AutoGV.setTrue(flags); diff --git a/utils/src/com/cloud/utils/db/GenericDaoBase.java b/utils/src/com/cloud/utils/db/GenericDaoBase.java index 51b994f392b..1bcdea98b4e 100755 --- a/utils/src/com/cloud/utils/db/GenericDaoBase.java +++ b/utils/src/com/cloud/utils/db/GenericDaoBase.java @@ -1303,7 +1303,7 @@ public abstract class GenericDaoBase implements Gene if (type == EnumType.STRING) { pstmt.setString(j, value == null ? null : value.toString()); } else if (type == EnumType.ORDINAL) { - pstmt.setLong(j, value != null ? null : ((Ip)value).longValue()); + pstmt.setLong(j, value == null ? null : ((Ip)value).longValue()); } } else { pstmt.setObject(j, value); From 9a70ee54f064434896569d0c7cee69d8ea936b6e Mon Sep 17 00:00:00 2001 From: Alex Huang Date: Thu, 2 Dec 2010 16:05:01 -0800 Subject: [PATCH 03/70] portforwarding is working --- .../commands/CreateIpForwardingRuleCmd.java | 2 +- .../commands/CreatePortForwardingRuleCmd.java | 2 +- .../commands/DeletePortForwardingRuleCmd.java | 3 +- .../commands/ListIpForwardingRulesCmd.java | 3 +- .../com/cloud/network/rules/RulesService.java | 34 ++-- console-proxy/.classpath | 18 +- console-viewer/.classpath | 14 +- core/.classpath | 87 ++++----- .../com/cloud/network/NetworkManagerImpl.java | 4 +- .../network/dao/FirewallRulesDaoImpl.java | 3 +- .../cloud/network/rules/FirewallRuleVO.java | 1 + .../network/rules/PortForwardingRuleVO.java | 2 +- .../cloud/network/rules/RulesManagerImpl.java | 173 +++--------------- .../rules/dao/PortForwardingRulesDao.java | 2 + .../rules/dao/PortForwardingRulesDaoImpl.java | 21 +++ .../com/cloud/utils/db/GenericDaoBase.java | 9 +- .../src/com/cloud/utils/db/SqlGenerator.java | 2 +- 17 files changed, 144 insertions(+), 236 deletions(-) diff --git a/api/src/com/cloud/api/commands/CreateIpForwardingRuleCmd.java b/api/src/com/cloud/api/commands/CreateIpForwardingRuleCmd.java index b6af0dbeef6..75ceff90ac4 100644 --- a/api/src/com/cloud/api/commands/CreateIpForwardingRuleCmd.java +++ b/api/src/com/cloud/api/commands/CreateIpForwardingRuleCmd.java @@ -72,7 +72,7 @@ public class CreateIpForwardingRuleCmd extends BaseAsyncCreateCmd { @Override public void execute(){ - PortForwardingRule result = _rulesService.createIpForwardingRuleOnDomr(this.getId()); + PortForwardingRule result = _rulesService.createIpForwardingRuleInDb(ipAddress, virtualMachineId); if (result != null) { FirewallRuleResponse fwResponse = _responseGenerator.createFirewallRuleResponse(result); fwResponse.setResponseName(getName()); diff --git a/api/src/com/cloud/api/commands/CreatePortForwardingRuleCmd.java b/api/src/com/cloud/api/commands/CreatePortForwardingRuleCmd.java index 9917f3eaa2b..1b812eb3730 100644 --- a/api/src/com/cloud/api/commands/CreatePortForwardingRuleCmd.java +++ b/api/src/com/cloud/api/commands/CreatePortForwardingRuleCmd.java @@ -107,7 +107,7 @@ public class CreatePortForwardingRuleCmd extends BaseCmd implements PortForwardi success = _rulesService.applyPortForwardingRules(result.getSourceIpAddress(), callerContext.getAccount()); } finally { if (!success) { - _rulesService.revokePortForwardingRule(result.getId(), true, callerContext.getAccount()); + _rulesService.revokePortForwardingRule(result.getId(), true); } } FirewallRuleResponse fwResponse = _responseGenerator.createFirewallRuleResponse(result); diff --git a/api/src/com/cloud/api/commands/DeletePortForwardingRuleCmd.java b/api/src/com/cloud/api/commands/DeletePortForwardingRuleCmd.java index a29628c2864..ad379fe5269 100644 --- a/api/src/com/cloud/api/commands/DeletePortForwardingRuleCmd.java +++ b/api/src/com/cloud/api/commands/DeletePortForwardingRuleCmd.java @@ -27,7 +27,6 @@ import com.cloud.api.ServerApiException; import com.cloud.api.response.SuccessResponse; import com.cloud.exception.ResourceUnavailableException; import com.cloud.network.rules.PortForwardingRule; -import com.cloud.user.UserContext; @Implementation(description="Deletes a port forwarding rule", responseObject=SuccessResponse.class) public class DeletePortForwardingRuleCmd extends BaseCmd { @@ -61,7 +60,7 @@ public class DeletePortForwardingRuleCmd extends BaseCmd { @Override public void execute() throws ResourceUnavailableException { - PortForwardingRule result = _rulesService.revokePortForwardingRule(id, true, UserContext.current().getAccount()); + PortForwardingRule result = _rulesService.revokePortForwardingRule(id, true); if (result != null) { SuccessResponse response = new SuccessResponse(getName()); this.setResponseObject(response); diff --git a/api/src/com/cloud/api/commands/ListIpForwardingRulesCmd.java b/api/src/com/cloud/api/commands/ListIpForwardingRulesCmd.java index 7554c8b28fb..e481813be97 100644 --- a/api/src/com/cloud/api/commands/ListIpForwardingRulesCmd.java +++ b/api/src/com/cloud/api/commands/ListIpForwardingRulesCmd.java @@ -31,6 +31,7 @@ import com.cloud.api.response.FirewallRuleResponse; import com.cloud.api.response.IpForwardingRuleResponse; import com.cloud.api.response.ListResponse; import com.cloud.network.rules.PortForwardingRule; +import com.cloud.utils.net.Ip; @Implementation(description="List the ip forwarding rules", responseObject=FirewallRuleResponse.class) public class ListIpForwardingRulesCmd extends BaseListCmd { @@ -82,7 +83,7 @@ public class ListIpForwardingRulesCmd extends BaseListCmd { @Override public void execute(){ - List result = _rulesService.searchForIpForwardingRules(this); + List result = _rulesService.searchForIpForwardingRules(new Ip(publicIpAddress), this.getStartIndex(), this.getPageSizeVal()); ListResponse response = new ListResponse(); List ipForwardingResponses = new ArrayList(); for (PortForwardingRule rule : result) { diff --git a/api/src/com/cloud/network/rules/RulesService.java b/api/src/com/cloud/network/rules/RulesService.java index 96d77d18087..a898649cac9 100644 --- a/api/src/com/cloud/network/rules/RulesService.java +++ b/api/src/com/cloud/network/rules/RulesService.java @@ -19,7 +19,6 @@ package com.cloud.network.rules; import java.util.List; -import com.cloud.api.commands.ListIpForwardingRulesCmd; import com.cloud.api.commands.ListPortForwardingRulesCmd; import com.cloud.exception.NetworkRuleConflictException; import com.cloud.exception.ResourceUnavailableException; @@ -27,26 +26,11 @@ import com.cloud.user.Account; import com.cloud.utils.net.Ip; public interface RulesService { - List searchForIpForwardingRules(ListIpForwardingRulesCmd cmd); - - /** - * List port forwarding rules assigned to an ip address - * @param cmd the command object holding the criteria for listing port forwarding rules (the ipAddress) - * @return list of port forwarding rules on the given address, empty list if no rules exist - */ - public List listPortForwardingRules(ListPortForwardingRulesCmd cmd); - + List searchForIpForwardingRules(Ip ip, Long start, Long size); PortForwardingRule createIpForwardingRuleInDb(String ipAddr, long virtualMachineId); - - PortForwardingRule createIpForwardingRuleOnDomr(long ruleId); - boolean deleteIpForwardingRule(Long id); - boolean deletePortForwardingRule(Long id, boolean sysContext); - - boolean applyFirewallRules(Ip ip, Account caller) throws ResourceUnavailableException; - boolean applyNatRules(Ip ip, Account caller) throws ResourceUnavailableException; - boolean applyPortForwardingRules(Ip ip, Account caller) throws ResourceUnavailableException; - + + /** * Creates a port forwarding rule between two ip addresses or between * an ip address and a virtual machine. @@ -57,12 +41,22 @@ public interface RulesService { * @throws NetworkRuleConflictException if conflicts in the network rules are detected. */ PortForwardingRule createPortForwardingRule(PortForwardingRule rule, Long vmId, Account caller) throws NetworkRuleConflictException; + /** * Revokes a port forwarding rule * @param ruleId the id of the rule to revoke. * @param caller * @return */ - PortForwardingRule revokePortForwardingRule(long ruleId, boolean apply, Account caller); + PortForwardingRule revokePortForwardingRule(long ruleId, boolean apply); + /** + * List port forwarding rules assigned to an ip address + * @param cmd the command object holding the criteria for listing port forwarding rules (the ipAddress) + * @return list of port forwarding rules on the given address, empty list if no rules exist + */ + public List listPortForwardingRules(ListPortForwardingRulesCmd cmd); + boolean applyFirewallRules(Ip ip, Account caller) throws ResourceUnavailableException; + boolean applyNatRules(Ip ip) throws ResourceUnavailableException; + boolean applyPortForwardingRules(Ip ip, Account caller) throws ResourceUnavailableException; } diff --git a/console-proxy/.classpath b/console-proxy/.classpath index 0b57db8ad5a..5a34eae6642 100644 --- a/console-proxy/.classpath +++ b/console-proxy/.classpath @@ -1,9 +1,9 @@ - - - - - - - - - + + + + + + + + + diff --git a/console-viewer/.classpath b/console-viewer/.classpath index 19542e73fc0..e8a8d8c0a84 100644 --- a/console-viewer/.classpath +++ b/console-viewer/.classpath @@ -1,7 +1,7 @@ - - - - - - - + + + + + + + diff --git a/core/.classpath b/core/.classpath index f2fff92d833..6f23bda4ba2 100644 --- a/core/.classpath +++ b/core/.classpath @@ -1,43 +1,44 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/server/src/com/cloud/network/NetworkManagerImpl.java b/server/src/com/cloud/network/NetworkManagerImpl.java index e5c764382cf..96b36264d39 100755 --- a/server/src/com/cloud/network/NetworkManagerImpl.java +++ b/server/src/com/cloud/network/NetworkManagerImpl.java @@ -2129,6 +2129,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag return true; } + boolean success = true; Network network = _networkConfigDao.findById(rules.get(0).getNetworkId()); for (NetworkElement ne : _networkElements) { try { @@ -2139,9 +2140,10 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag throw e; } s_logger.warn("Problems with " + ne.getName() + " but pushing on", e); + success = false; } } - return true; + return success; } } diff --git a/server/src/com/cloud/network/dao/FirewallRulesDaoImpl.java b/server/src/com/cloud/network/dao/FirewallRulesDaoImpl.java index d0720ba0de8..28852a35605 100644 --- a/server/src/com/cloud/network/dao/FirewallRulesDaoImpl.java +++ b/server/src/com/cloud/network/dao/FirewallRulesDaoImpl.java @@ -56,10 +56,9 @@ public class FirewallRulesDaoImpl extends GenericDaoBase i IpNotRevokedSearch = createSearchBuilder(); IpNotRevokedSearch.and("ip", IpNotRevokedSearch.entity().getSourceIpAddress(), Op.EQ); - IpNotRevokedSearch.and("state", IpNotRevokedSearch.entity().getSourceIpAddress(), Op.NEQ); + IpNotRevokedSearch.and("state", IpNotRevokedSearch.entity().getState(), Op.NEQ); IpNotRevokedSearch.done(); - } @Override diff --git a/server/src/com/cloud/network/rules/FirewallRuleVO.java b/server/src/com/cloud/network/rules/FirewallRuleVO.java index 51ce6515d93..c09476c54c3 100644 --- a/server/src/com/cloud/network/rules/FirewallRuleVO.java +++ b/server/src/com/cloud/network/rules/FirewallRuleVO.java @@ -56,6 +56,7 @@ public class FirewallRuleVO implements FirewallRule { long accountId; @Column(name="ip_address", updatable=false) + @Enumerated(value=EnumType.ORDINAL) Ip sourceIpAddress; @Column(name="start_port", updatable=false) diff --git a/server/src/com/cloud/network/rules/PortForwardingRuleVO.java b/server/src/com/cloud/network/rules/PortForwardingRuleVO.java index e9112a500fc..80344b04e3d 100644 --- a/server/src/com/cloud/network/rules/PortForwardingRuleVO.java +++ b/server/src/com/cloud/network/rules/PortForwardingRuleVO.java @@ -34,7 +34,7 @@ import com.cloud.utils.net.Ip; @PrimaryKeyJoinColumn(name="id") public class PortForwardingRuleVO extends FirewallRuleVO implements PortForwardingRule { - @Enumerated(value=EnumType.STRING) + @Enumerated(value=EnumType.ORDINAL) @Column(name="dest_ip_address") private Ip destinationIpAddress = null; diff --git a/server/src/com/cloud/network/rules/RulesManagerImpl.java b/server/src/com/cloud/network/rules/RulesManagerImpl.java index 921c7d1e998..28236ae3525 100644 --- a/server/src/com/cloud/network/rules/RulesManagerImpl.java +++ b/server/src/com/cloud/network/rules/RulesManagerImpl.java @@ -25,7 +25,6 @@ import javax.naming.ConfigurationException; import org.apache.log4j.Logger; -import com.cloud.api.commands.ListIpForwardingRulesCmd; import com.cloud.api.commands.ListPortForwardingRulesCmd; import com.cloud.event.EventTypes; import com.cloud.event.EventUtils; @@ -134,7 +133,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager { IPAddressVO ipAddress = _ipAddressDao.findById(ipAddr); Ip dstIp = rule.getDestinationIpAddress(); - long networkId = rule.getNetworkId(); + long networkId; UserVmVO vm = null; Network network = null; if (vmId != null) { @@ -164,6 +163,8 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager { throw new InvalidParameterValueException("Unable to get the network " + rule.getNetworkId()); } } + + _accountMgr.checkAccess(caller, network); networkId = network.getId(); long accountId = network.getAccountId(); @@ -236,13 +237,24 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager { } @Override - public PortForwardingRule revokePortForwardingRule(long ruleId, boolean apply, Account caller) { + public PortForwardingRule revokePortForwardingRule(long ruleId, boolean apply) { + UserContext ctx = UserContext.current(); + Account caller = ctx.getAccount(); + PortForwardingRuleVO rule = _forwardingDao.findById(ruleId); if (rule == null) { throw new InvalidParameterValueException("Unable to find " + ruleId); } + _accountMgr.checkAccess(caller, rule); revokeRule(rule, caller); + String description; + String type = EventTypes.EVENT_NET_RULE_DELETE; + String level = EventVO.LEVEL_INFO; + + description = "deleted ip forwarding rule [" + rule.getSourceIpAddress() + ":" + rule.getSourcePortStart() + "]->[" + rule.getDestinationIpAddress() + ":" + rule.getDestinationPortStart() + "] " + rule.getProtocol(); + EventUtils.saveEvent(ctx.getUserId(), rule.getAccountId(), level, type, description); + if (apply) { applyPortForwardingRules(rule.getSourceIpAddress(), true); } @@ -277,24 +289,12 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager { return null; } - @Override - public PortForwardingRule createIpForwardingRuleOnDomr(long ruleId) { - // TODO Auto-generated method stub - return null; - } - @Override public boolean deleteIpForwardingRule(Long id) { // TODO Auto-generated method stub return false; } - @Override - public boolean deletePortForwardingRule(Long id, boolean sysContext) { - // TODO Auto-generated method stub - return false; - } - @Override public boolean applyPortForwardingRules(Ip ip, boolean continueOnError) { try { @@ -316,24 +316,23 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager { _accountMgr.checkAccess(caller, rules.toArray(new PortForwardingRuleVO[rules.size()])); } - return _networkMgr.applyRules(ip, rules, continueOnError); + if (!_networkMgr.applyRules(ip, rules, continueOnError)) { + s_logger.debug("Rules are not completely applied"); + return false; + } + + for (PortForwardingRuleVO rule : rules) { + if (rule.getState() == FirewallRule.State.Revoke) { + _forwardingDao.remove(rule.getId()); + } + } + + return true; } @Override - public List searchForIpForwardingRules(ListIpForwardingRulesCmd cmd){ -// String ipAddress = cmd.getPublicIpAddress(); -// Filter searchFilter = new Filter(PortForwardingRuleVO.class, "id", true, cmd.getStartIndex(), cmd.getPageSizeVal()); -// SearchCriteria sc = _firewallRulesDao.createSearchCriteria(); -// -// if (ipAddress != null) { -// sc.addAnd("publicIpAddress", SearchCriteria.Op.EQ, ipAddress); -// } -// -// //search for rules with protocol = nat -// sc.addAnd("protocol", SearchCriteria.Op.EQ, NetUtils.NAT_PROTO); -// -// return _firewallRulesDao.search(sc, searchFilter); - return null; + public List searchForIpForwardingRules(Ip ip, Long start, Long size) { + return _forwardingDao.searchNatRules(ip, start, size); } @@ -344,7 +343,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager { } @Override - public boolean applyNatRules(Ip ip, Account caller) throws ResourceUnavailableException { + public boolean applyNatRules(Ip ip) throws ResourceUnavailableException { // TODO Auto-generated method stub return false; } @@ -678,118 +677,6 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager { // // @Override @DB // public boolean deletePortForwardingRule(Long id, boolean sysContext) { -// Long ruleId = id; -// Long userId = null; -// Account account = null; -// if(sysContext){ -// userId = User.UID_SYSTEM; -// account = _accountDao.findById(User.UID_SYSTEM); -// }else{ -// userId = UserContext.current().getUserId(); -// account = UserContext.current().getAccount(); -// } -// -// -// //verify input parameters here -// PortForwardingRuleVO rule = _firewallRulesDao.findById(ruleId); -// if (rule == null) { -// throw new InvalidParameterValueException("Unable to find port forwarding rule " + ruleId); -// } -// -// String publicIp = rule.getSourceIpAddress(); -// String privateIp = rule.getDestinationIpAddress(); -// -// IPAddressVO ipAddress = _ipAddressDao.findById(publicIp); -// if (ipAddress == null) { -// throw new InvalidParameterValueException("Unable to find IP address for port forwarding rule " + ruleId); -// } -// -// // although we are not writing these values to the DB, we will check -// // them out of an abundance -// // of caution (may not be warranted) -// String privatePort = rule.getDestinationPort(); -// String publicPort = rule.getSourcePort(); -// if (!NetUtils.isValidPort(publicPort) || !NetUtils.isValidPort(privatePort)) { -// throw new InvalidParameterValueException("Invalid value for port"); -// } -// -// String proto = rule.getProtocol(); -// if (!NetUtils.isValidProto(proto)) { -// throw new InvalidParameterValueException("Invalid protocol"); -// } -// -// Account ruleOwner = _accountDao.findById(ipAddress.getAccountId()); -// if (ruleOwner == null) { -// throw new InvalidParameterValueException("Unable to find owning account for port forwarding rule " + ruleId); -// } -// -// // if an admin account was passed in, or no account was passed in, make sure we honor the accountName/domainId parameters -// if (account != null) { -// if (isAdmin(account.getType())) { -// if (!_domainDao.isChildDomain(account.getDomainId(), ruleOwner.getDomainId())) { -// throw new PermissionDeniedException("Unable to delete port forwarding rule " + ruleId + ", permission denied."); -// } -// } else if (account.getId() != ruleOwner.getId()) { -// throw new PermissionDeniedException("Unable to delete port forwarding rule " + ruleId + ", permission denied."); -// } -// } -// -// Transaction txn = Transaction.currentTxn(); -// boolean locked = false; -// boolean success = false; -// try { -// -// IPAddressVO ipVO = _ipAddressDao.acquireInLockTable(publicIp); -// if (ipVO == null) { -// // throw this exception because hackers can use the api to probe for allocated ips -// throw new PermissionDeniedException("User does not own supplied address"); -// } -// -// locked = true; -// txn.start(); -// List fwdings = _firewallRulesDao.listIPForwardingForUpdate(publicIp, publicPort, proto); -// PortForwardingRuleVO fwRule = null; -// if (fwdings.size() == 0) { -// throw new InvalidParameterValueException("No such rule"); -// } else if (fwdings.size() == 1) { -// fwRule = fwdings.get(0); -// if (fwRule.getDestinationIpAddress().equalsIgnoreCase(privateIp) && fwRule.getDestinationPort().equals(privatePort)) { -// _firewallRulesDao.expunge(fwRule.getId()); -// } else { -// throw new InvalidParameterValueException("No such rule"); -// } -// } else { -// throw new CloudRuntimeException("Multiple matches. Please contact support"); -// } -// fwRule.setEnabled(false); -// success = updateFirewallRule(fwRule, null, null); -// -// String description; -// String type = EventTypes.EVENT_NET_RULE_DELETE; -// String level = EventVO.LEVEL_INFO; -// String ruleName = rule.isForwarding() ? "ip forwarding" : "load balancer"; -// -// if (success) { -// description = "deleted " + ruleName + " rule [" + publicIp + ":" + rule.getSourcePort() + "]->[" + rule.getDestinationIpAddress() + ":" -// + rule.getDestinationPort() + "] " + rule.getProtocol(); -// } else { -// level = EventVO.LEVEL_ERROR; -// description = "Error while deleting " + ruleName + " rule [" + publicIp + ":" + rule.getSourcePort() + "]->[" + rule.getDestinationIpAddress() + ":" -// + rule.getDestinationPort() + "] " + rule.getProtocol(); -// } -// EventUtils.saveEvent(userId, ipAddress.getAccountId(), level, type, description); -// txn.commit(); -// }catch (Exception ex) { -// txn.rollback(); -// s_logger.error("Unexpected exception deleting port forwarding rule " + ruleId, ex); -// return false; -// }finally { -// if (locked) { -// _ipAddressDao.releaseFromLockTable(publicIp); -// } -// txn.close(); -// } -// return success; // } // @Override @DB // public PortForwardingRule createIpForwardingRuleOnDomr(long ruleId) { diff --git a/server/src/com/cloud/network/rules/dao/PortForwardingRulesDao.java b/server/src/com/cloud/network/rules/dao/PortForwardingRulesDao.java index c9d3bcb0d99..83db875deaa 100644 --- a/server/src/com/cloud/network/rules/dao/PortForwardingRulesDao.java +++ b/server/src/com/cloud/network/rules/dao/PortForwardingRulesDao.java @@ -33,4 +33,6 @@ public interface PortForwardingRulesDao extends GenericDao listByIpAndNotRevoked(Ip ip); + + List searchNatRules(Ip ip, Long startIndex, Long pageSize); } diff --git a/server/src/com/cloud/network/rules/dao/PortForwardingRulesDaoImpl.java b/server/src/com/cloud/network/rules/dao/PortForwardingRulesDaoImpl.java index fdea05416ce..2aaefecb3c2 100644 --- a/server/src/com/cloud/network/rules/dao/PortForwardingRulesDaoImpl.java +++ b/server/src/com/cloud/network/rules/dao/PortForwardingRulesDaoImpl.java @@ -23,11 +23,13 @@ import javax.ejb.Local; import com.cloud.network.rules.FirewallRule.State; import com.cloud.network.rules.PortForwardingRuleVO; +import com.cloud.utils.db.Filter; import com.cloud.utils.db.GenericDaoBase; import com.cloud.utils.db.SearchBuilder; import com.cloud.utils.db.SearchCriteria; import com.cloud.utils.db.SearchCriteria.Op; import com.cloud.utils.net.Ip; +import com.cloud.utils.net.NetUtils; @Local(value=PortForwardingRulesDao.class) public class PortForwardingRulesDaoImpl extends GenericDaoBase implements PortForwardingRulesDao { @@ -40,6 +42,9 @@ public class PortForwardingRulesDaoImpl extends GenericDaoBase searchNatRules(Ip ip, Long startIndex, Long pageSize) { + Filter searchFilter = new Filter(PortForwardingRuleVO.class, "id", true, startIndex, pageSize); + SearchCriteria sc = AllFieldsSearch.create(); + + if (ip != null) { + sc.setParameters("ip", ip); + } + + //search for rules with protocol = nat + sc.setParameters("protocol", NetUtils.NAT_PROTO); + + return listBy(sc, searchFilter); + } + } diff --git a/utils/src/com/cloud/utils/db/GenericDaoBase.java b/utils/src/com/cloud/utils/db/GenericDaoBase.java index 1bcdea98b4e..ff21e451611 100755 --- a/utils/src/com/cloud/utils/db/GenericDaoBase.java +++ b/utils/src/com/cloud/utils/db/GenericDaoBase.java @@ -538,7 +538,8 @@ public abstract class GenericDaoBase implements Gene Ip ip = null; if (enumType == EnumType.STRING) { - ip = new Ip(NetUtils.ip2Long(rs.getString(index))); + String s = rs.getString(index); + ip = s == null ? null : new Ip(NetUtils.ip2Long(s)); } else { ip = new Ip(rs.getLong(index)); } @@ -1204,9 +1205,9 @@ public abstract class GenericDaoBase implements Gene return null; // Not sure what to do here. } else if (attr.is(Attribute.Flag.AutoGV)) { - if (attr.columnName == GenericDao.XID_COLUMN) { - UUID.randomUUID().toString(); - } + if (attr.columnName.equals(GenericDao.XID_COLUMN)) { + return UUID.randomUUID().toString(); + } assert (false) : "Auto generation is not supported."; return null; } else if (attr.is(Attribute.Flag.SequenceGV)) { diff --git a/utils/src/com/cloud/utils/db/SqlGenerator.java b/utils/src/com/cloud/utils/db/SqlGenerator.java index 6e53132373d..2db80284faf 100755 --- a/utils/src/com/cloud/utils/db/SqlGenerator.java +++ b/utils/src/com/cloud/utils/db/SqlGenerator.java @@ -227,7 +227,7 @@ public class SqlGenerator { attr = findAttribute(GenericDao.XID_COLUMN); if (attr != null && attr.field.getType() == String.class) { attr.setTrue(Attribute.Flag.DaoGenerated); - attr.setFalse(Attribute.Flag.Insertable); + attr.setTrue(Attribute.Flag.Insertable); attr.setFalse(Attribute.Flag.Updatable); attr.setFalse(Attribute.Flag.TimeStamp); attr.setFalse(Attribute.Flag.Time); From b859e103d8ffb0a988bdd230fe57c7753eb2c288 Mon Sep 17 00:00:00 2001 From: Alex Huang Date: Fri, 3 Dec 2010 04:07:18 -0800 Subject: [PATCH 04/70] ip nat rule forwarding done --- api/src/com/cloud/api/BaseAsyncCreateCmd.java | 4 +- .../commands/CreateIpForwardingRuleCmd.java | 100 ++++++++++++++++-- .../commands/CreatePortForwardingRuleCmd.java | 28 ++++- .../commands/CreateRemoteAccessVpnCmd.java | 2 +- .../cloud/api/commands/CreateTemplateCmd.java | 2 +- .../cloud/api/commands/CreateVolumeCmd.java | 2 +- .../commands/DeleteIpForwardingRuleCmd.java | 6 +- .../com/cloud/network/rules/FirewallRule.java | 1 + .../com/cloud/network/rules/RulesService.java | 8 +- server/src/com/cloud/api/ApiServer.java | 2 +- .../com/cloud/network/NetworkManagerImpl.java | 2 +- .../cloud/network/rules/RulesManagerImpl.java | 91 ++++++++++------ .../cloud/server/ManagementServerImpl.java | 2 +- .../com/cloud/storage/StorageManagerImpl.java | 2 +- .../src/com/cloud/vm/UserVmManagerImpl.java | 6 +- 15 files changed, 190 insertions(+), 68 deletions(-) diff --git a/api/src/com/cloud/api/BaseAsyncCreateCmd.java b/api/src/com/cloud/api/BaseAsyncCreateCmd.java index 4da990ba930..e605e3bdee3 100644 --- a/api/src/com/cloud/api/BaseAsyncCreateCmd.java +++ b/api/src/com/cloud/api/BaseAsyncCreateCmd.java @@ -8,11 +8,11 @@ public abstract class BaseAsyncCreateCmd extends BaseAsyncCmd { public abstract void callCreate(); - public Long getId() { + public Long getEntityId() { return id; } - public void setId(Long id) { + public void setEntityId(Long id) { this.id = id; } diff --git a/api/src/com/cloud/api/commands/CreateIpForwardingRuleCmd.java b/api/src/com/cloud/api/commands/CreateIpForwardingRuleCmd.java index 75ceff90ac4..f5e85180f51 100644 --- a/api/src/com/cloud/api/commands/CreateIpForwardingRuleCmd.java +++ b/api/src/com/cloud/api/commands/CreateIpForwardingRuleCmd.java @@ -28,11 +28,15 @@ import com.cloud.api.Parameter; import com.cloud.api.ServerApiException; import com.cloud.api.response.FirewallRuleResponse; import com.cloud.event.EventTypes; +import com.cloud.exception.NetworkRuleConflictException; import com.cloud.network.rules.PortForwardingRule; import com.cloud.user.Account; +import com.cloud.user.UserContext; +import com.cloud.utils.net.Ip; +import com.cloud.utils.net.NetUtils; @Implementation(description="Creates an ip forwarding rule", responseObject=FirewallRuleResponse.class) -public class CreateIpForwardingRuleCmd extends BaseAsyncCreateCmd { +public class CreateIpForwardingRuleCmd extends BaseAsyncCreateCmd implements PortForwardingRule { public static final Logger s_logger = Logger.getLogger(CreateIpForwardingRuleCmd.class.getName()); private static final String s_name = "createipforwardingruleresponse"; @@ -72,9 +76,17 @@ public class CreateIpForwardingRuleCmd extends BaseAsyncCreateCmd { @Override public void execute(){ - PortForwardingRule result = _rulesService.createIpForwardingRuleInDb(ipAddress, virtualMachineId); - if (result != null) { - FirewallRuleResponse fwResponse = _responseGenerator.createFirewallRuleResponse(result); + boolean result; + try { + result = _rulesService.applyPortForwardingRules(new Ip(ipAddress), UserContext.current().getAccount()); + } catch (Exception e) { + s_logger.error("Unable to apply port forwarding rules", e); + _rulesService.revokePortForwardingRule(getEntityId(), true); + result = false; + } + if (result) { + PortForwardingRule rule = _entityMgr.findById(PortForwardingRule.class, getEntityId()); + FirewallRuleResponse fwResponse = _responseGenerator.createFirewallRuleResponse(rule); fwResponse.setResponseName(getName()); this.setResponseObject(fwResponse); } else { @@ -84,13 +96,16 @@ public class CreateIpForwardingRuleCmd extends BaseAsyncCreateCmd { } @Override - public void callCreate(){ - PortForwardingRule rule = _rulesService.createIpForwardingRuleInDb(ipAddress,virtualMachineId); - if (rule != null){ - this.setId(rule.getId()); - } else { - throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to create ip forwarding rule"); + public void callCreate() { + PortForwardingRule rule; + try { + rule = _rulesService.createPortForwardingRule(this, virtualMachineId); + } catch (NetworkRuleConflictException e) { + s_logger.info("Unable to create Port Forwarding Rule due to " + e.getMessage()); + throw new ServerApiException(BaseCmd.NETWORK_RULE_CONFLICT_ERROR, e.getMessage()); } + + this.setEntityId(rule.getId()); } @Override @@ -108,4 +123,69 @@ public class CreateIpForwardingRuleCmd extends BaseAsyncCreateCmd { return ("Creating an ipforwarding 1:1 NAT rule for "+ipAddress+" with virtual machine:"+virtualMachineId); } + @Override + public long getId() { + throw new UnsupportedOperationException("Don't call me"); + } + + @Override + public String getXid() { + return null; + } + + @Override + public Ip getSourceIpAddress() { + return new Ip(ipAddress); + } + + @Override + public int getSourcePortStart() { + return -1; + } + + @Override + public int getSourcePortEnd() { + return -1; + } + + @Override + public String getProtocol() { + return NetUtils.NAT_PROTO; + } + + @Override + public Purpose getPurpose() { + return Purpose.PortForwarding; + } + + @Override + public State getState() { + throw new UnsupportedOperationException("Don't call me"); + } + + @Override + public long getNetworkId() { + return -1; + } + + @Override + public long getDomainId() { + throw new UnsupportedOperationException("Don't call me"); + } + + @Override + public Ip getDestinationIpAddress() { + return null; + } + + @Override + public int getDestinationPortStart() { + return -1; + } + + @Override + public int getDestinationPortEnd() { + return -1; + } + } diff --git a/api/src/com/cloud/api/commands/CreatePortForwardingRuleCmd.java b/api/src/com/cloud/api/commands/CreatePortForwardingRuleCmd.java index 1b812eb3730..bd8c6fba8ef 100644 --- a/api/src/com/cloud/api/commands/CreatePortForwardingRuleCmd.java +++ b/api/src/com/cloud/api/commands/CreatePortForwardingRuleCmd.java @@ -21,11 +21,13 @@ package com.cloud.api.commands; import org.apache.log4j.Logger; import com.cloud.api.ApiConstants; +import com.cloud.api.BaseAsyncCreateCmd; import com.cloud.api.BaseCmd; import com.cloud.api.Implementation; import com.cloud.api.Parameter; import com.cloud.api.ServerApiException; import com.cloud.api.response.FirewallRuleResponse; +import com.cloud.event.EventTypes; import com.cloud.exception.NetworkRuleConflictException; import com.cloud.exception.ResourceUnavailableException; import com.cloud.network.rules.PortForwardingRule; @@ -33,7 +35,7 @@ import com.cloud.user.UserContext; import com.cloud.utils.net.Ip; @Implementation(description="Creates a port forwarding rule", responseObject=FirewallRuleResponse.class) -public class CreatePortForwardingRuleCmd extends BaseCmd implements PortForwardingRule { +public class CreatePortForwardingRuleCmd extends BaseAsyncCreateCmd implements PortForwardingRule { public static final Logger s_logger = Logger.getLogger(CreatePortForwardingRuleCmd.class.getName()); private static final String s_name = "createportforwardingruleresponse"; @@ -98,7 +100,7 @@ public class CreatePortForwardingRuleCmd extends BaseCmd implements PortForwardi try { UserContext callerContext = UserContext.current(); - PortForwardingRule result = _rulesService.createPortForwardingRule(this, virtualMachineId, callerContext.getAccount()); + PortForwardingRule result = _rulesService.createPortForwardingRule(this, virtualMachineId); if (result == null) { throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "An existing rule for ipAddress / port / protocol of " + ipAddress + " / " + publicPort + " / " + protocol + " exits."); } @@ -183,4 +185,26 @@ public class CreatePortForwardingRuleCmd extends BaseCmd implements PortForwardi public int getDestinationPortEnd() { return Integer.parseInt(privatePort); } + + @Override + public void callCreate() { + try { + PortForwardingRule result = _rulesService.createPortForwardingRule(this, virtualMachineId); + setEntityId(result.getId()); + } catch (NetworkRuleConflictException ex) { + s_logger.info("Network rule conflict: " + ex.getMessage()); + throw new ServerApiException(BaseCmd.NETWORK_RULE_CONFLICT_ERROR, ex.getMessage()); + } + } + + @Override + public String getEventType() { + return EventTypes.EVENT_NET_RULE_ADD; + } + + @Override + public String getEventDescription() { + return ("Creating an port forwarding rule for "+ipAddress+" with virtual machine:"+virtualMachineId); + } + } diff --git a/api/src/com/cloud/api/commands/CreateRemoteAccessVpnCmd.java b/api/src/com/cloud/api/commands/CreateRemoteAccessVpnCmd.java index ddc1944737f..0e8aa294853 100644 --- a/api/src/com/cloud/api/commands/CreateRemoteAccessVpnCmd.java +++ b/api/src/com/cloud/api/commands/CreateRemoteAccessVpnCmd.java @@ -138,7 +138,7 @@ public class CreateRemoteAccessVpnCmd extends BaseAsyncCreateCmd { try { RemoteAccessVpn vpn = _networkService.createRemoteAccessVpn(this); if (vpn != null) { - this.setId(vpn.getId()); + this.setEntityId(vpn.getId()); } else { throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to create remote access vpn"); } diff --git a/api/src/com/cloud/api/commands/CreateTemplateCmd.java b/api/src/com/cloud/api/commands/CreateTemplateCmd.java index f4d5ad76448..5bdac90fd08 100644 --- a/api/src/com/cloud/api/commands/CreateTemplateCmd.java +++ b/api/src/com/cloud/api/commands/CreateTemplateCmd.java @@ -171,7 +171,7 @@ public class CreateTemplateCmd extends BaseAsyncCreateCmd { public void callCreate(){ VirtualMachineTemplate template = _userVmService.createPrivateTemplateRecord(this); if (template != null){ - this.setId(template.getId()); + this.setEntityId(template.getId()); } else { throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to create a template"); } diff --git a/api/src/com/cloud/api/commands/CreateVolumeCmd.java b/api/src/com/cloud/api/commands/CreateVolumeCmd.java index fd921467060..585dbbbbd5d 100644 --- a/api/src/com/cloud/api/commands/CreateVolumeCmd.java +++ b/api/src/com/cloud/api/commands/CreateVolumeCmd.java @@ -148,7 +148,7 @@ public class CreateVolumeCmd extends BaseAsyncCreateCmd { try { Volume volume = _storageMgr.allocVolume(this); if (volume != null) { - this.setId(volume.getId()); + this.setEntityId(volume.getId()); } else { throw new ServerApiException(BaseCmd.INTERNAL_ERROR, "Failed to create volume"); } diff --git a/api/src/com/cloud/api/commands/DeleteIpForwardingRuleCmd.java b/api/src/com/cloud/api/commands/DeleteIpForwardingRuleCmd.java index 2c62fc0a9f5..9d4cc3f897f 100644 --- a/api/src/com/cloud/api/commands/DeleteIpForwardingRuleCmd.java +++ b/api/src/com/cloud/api/commands/DeleteIpForwardingRuleCmd.java @@ -28,6 +28,7 @@ import com.cloud.api.Parameter; import com.cloud.api.ServerApiException; import com.cloud.api.response.SuccessResponse; import com.cloud.event.EventTypes; +import com.cloud.network.rules.PortForwardingRule; import com.cloud.user.Account; @Implementation(description="Deletes an ip forwarding rule", responseObject=SuccessResponse.class) @@ -62,9 +63,8 @@ public class DeleteIpForwardingRuleCmd extends BaseAsyncCmd { @Override public void execute(){ - boolean result = false; - result = _rulesService.deleteIpForwardingRule(id); - if (result) { + PortForwardingRule rule = _rulesService.revokePortForwardingRule(id, true); + if (rule != null) { SuccessResponse response = new SuccessResponse(getName()); this.setResponseObject(response); } else { diff --git a/api/src/com/cloud/network/rules/FirewallRule.java b/api/src/com/cloud/network/rules/FirewallRule.java index 7e4e94f2338..71420ff9235 100644 --- a/api/src/com/cloud/network/rules/FirewallRule.java +++ b/api/src/com/cloud/network/rules/FirewallRule.java @@ -22,6 +22,7 @@ import com.cloud.utils.net.Ip; public interface FirewallRule extends ControlledEntity { enum Purpose { + Firewall, PortForwarding, LoadBalancing, Vpn, diff --git a/api/src/com/cloud/network/rules/RulesService.java b/api/src/com/cloud/network/rules/RulesService.java index a898649cac9..f9d48bf618e 100644 --- a/api/src/com/cloud/network/rules/RulesService.java +++ b/api/src/com/cloud/network/rules/RulesService.java @@ -27,20 +27,16 @@ import com.cloud.utils.net.Ip; public interface RulesService { List searchForIpForwardingRules(Ip ip, Long start, Long size); - PortForwardingRule createIpForwardingRuleInDb(String ipAddr, long virtualMachineId); - boolean deleteIpForwardingRule(Long id); - /** * Creates a port forwarding rule between two ip addresses or between * an ip address and a virtual machine. * @param rule rule to be created. * @param vmId vm to be linked to. If specified the destination ip address is ignored. - * @param caller caller * @return PortForwardingRule if created. * @throws NetworkRuleConflictException if conflicts in the network rules are detected. */ - PortForwardingRule createPortForwardingRule(PortForwardingRule rule, Long vmId, Account caller) throws NetworkRuleConflictException; + PortForwardingRule createPortForwardingRule(PortForwardingRule rule, Long vmId) throws NetworkRuleConflictException; /** * Revokes a port forwarding rule @@ -56,7 +52,5 @@ public interface RulesService { */ public List listPortForwardingRules(ListPortForwardingRulesCmd cmd); - boolean applyFirewallRules(Ip ip, Account caller) throws ResourceUnavailableException; - boolean applyNatRules(Ip ip) throws ResourceUnavailableException; boolean applyPortForwardingRules(Ip ip, Account caller) throws ResourceUnavailableException; } diff --git a/server/src/com/cloud/api/ApiServer.java b/server/src/com/cloud/api/ApiServer.java index 4a307839a64..fad2f3405ef 100755 --- a/server/src/com/cloud/api/ApiServer.java +++ b/server/src/com/cloud/api/ApiServer.java @@ -373,7 +373,7 @@ public class ApiServer implements HttpRequestHandler { if (cmdObj instanceof BaseAsyncCreateCmd) { BaseAsyncCreateCmd createCmd = (BaseAsyncCreateCmd)cmdObj; _dispatcher.dispatchCreateCmd(createCmd, params); - objectId = createCmd.getId(); + objectId = createCmd.getEntityId(); params.put("id", objectId.toString()); } else { ApiDispatcher.setupParameters(cmdObj, params); diff --git a/server/src/com/cloud/network/NetworkManagerImpl.java b/server/src/com/cloud/network/NetworkManagerImpl.java index 96b36264d39..011e6c032d3 100755 --- a/server/src/com/cloud/network/NetworkManagerImpl.java +++ b/server/src/com/cloud/network/NetworkManagerImpl.java @@ -1687,7 +1687,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag Long userId = UserContext.current().getUserId(); Account account = getAccountForApiCommand(cmd.getAccountName(), cmd.getDomainId()); EventUtils.saveStartedEvent(userId, account.getId(), EventTypes.EVENT_REMOTE_ACCESS_VPN_CREATE, "Creating a Remote Access VPN for account: " + account.getAccountName() + " in zone " + cmd.getZoneId(), cmd.getStartEventId()); - RemoteAccessVpnVO vpnVO = _remoteAccessVpnDao.findById(cmd.getId()); + RemoteAccessVpnVO vpnVO = _remoteAccessVpnDao.findById(cmd.getEntityId()); String publicIp = vpnVO.getVpnServerAddress(); Long vpnId = vpnVO.getId(); Transaction txn = Transaction.currentTxn(); diff --git a/server/src/com/cloud/network/rules/RulesManagerImpl.java b/server/src/com/cloud/network/rules/RulesManagerImpl.java index 28236ae3525..b1f72c8dfd0 100644 --- a/server/src/com/cloud/network/rules/RulesManagerImpl.java +++ b/server/src/com/cloud/network/rules/RulesManagerImpl.java @@ -46,8 +46,11 @@ import com.cloud.user.Account; import com.cloud.user.AccountManager; import com.cloud.user.UserContext; import com.cloud.uservm.UserVm; +import com.cloud.utils.Pair; import com.cloud.utils.component.Inject; import com.cloud.utils.component.Manager; +import com.cloud.utils.db.DB; +import com.cloud.utils.db.Transaction; import com.cloud.utils.exception.CloudRuntimeException; import com.cloud.utils.net.Ip; import com.cloud.utils.net.NetUtils; @@ -66,7 +69,6 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager { @Inject UserVmDao _vmDao; @Inject AccountManager _accountMgr; @Inject NetworkManager _networkMgr; - @Override public void detectRulesConflict(FirewallRule newRule, IpAddress ipAddress) throws NetworkRuleConflictException { @@ -113,6 +115,10 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager { return; } + if (userVm.getState() == com.cloud.vm.State.Destroyed || userVm.getState() == com.cloud.vm.State.Expunging) { + throw new InvalidParameterValueException("Invalid user vm: " + userVm.getId()); + } + _accountMgr.checkAccess(caller, userVm); // validate that IP address and userVM belong to the same account @@ -124,10 +130,14 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager { if (ipAddress.getDataCenterId() != userVm.getDataCenterId()) { throw new InvalidParameterValueException("Unable to create ip forwarding rule, IP address " + ipAddress + " is not in the same availability zone as virtual machine " + userVm.toString()); } + } - @Override - public PortForwardingRule createPortForwardingRule(PortForwardingRule rule, Long vmId, Account caller) throws NetworkRuleConflictException { + @Override @DB + public PortForwardingRule createPortForwardingRule(PortForwardingRule rule, Long vmId) throws NetworkRuleConflictException { + UserContext ctx = UserContext.current(); + Account caller = ctx.getAccount(); + String ipAddr = rule.getSourceIpAddress().addr(); IPAddressVO ipAddress = _ipAddressDao.findById(ipAddr); @@ -171,7 +181,13 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager { long domainId = network.getDomainId(); checkIpAndUserVm(ipAddress, vm, caller); + boolean isNat = NetUtils.NAT_PROTO.equals(rule.getProtocol()); + if (isNat && (ipAddress.isSourceNat() || ipAddress.isOneToOneNat())) { + throw new NetworkRuleConflictException("Can't do one to one NAT on ip address: " + ipAddress.getAddress()); + } + Transaction txn = Transaction.currentTxn(); + txn.start(); PortForwardingRuleVO newRule = new PortForwardingRuleVO(rule.getXid(), rule.getSourceIpAddress(), @@ -185,6 +201,12 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager { accountId, domainId); newRule = _forwardingDao.persist(newRule); + + if (isNat) { + ipAddress.setOneToOneNat(true); + _ipAddressDao.update(ipAddress.getAddress(), ipAddress); + } + txn.commit(); boolean success = false; try { @@ -196,7 +218,13 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager { success = true; return newRule; } catch (Exception e) { + txn.start(); _forwardingDao.remove(newRule.getId()); + if (isNat) { + ipAddress.setOneToOneNat(false); + _ipAddressDao.update(ipAddress.getAddress(), ipAddress); + } + txn.commit(); if (e instanceof NetworkRuleConflictException) { throw (NetworkRuleConflictException)e; } @@ -221,19 +249,43 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager { } } + protected Pair getUserVmGuestIpAddress(UserVm vm) { + Ip dstIp = null; + List nics = _networkMgr.getNics(vm); + for (Nic nic : nics) { + Network ntwk = _networkMgr.getNetwork(nic.getNetworkId()); + if (ntwk.getGuestType() == GuestIpType.Virtualized) { + dstIp = new Ip(nic.getIp4Address()); + return new Pair(ntwk, dstIp); + } + } + + throw new CloudRuntimeException("Unable to find ip address to map to in " + vm.getId()); + } + + @DB protected void revokeRule(FirewallRuleVO rule, Account caller) { _accountMgr.checkAccess(caller, rule); - + + Transaction txn = Transaction.currentTxn(); + txn.start(); if (rule.getState() == State.Staged) { if (s_logger.isDebugEnabled()) { s_logger.debug("Found a rule that is still in stage state so just removing it: " + rule); } _firewallDao.remove(rule.getId()); - return; } else if (rule.getState() == State.Add) { rule.setState(State.Revoke); _firewallDao.update(rule.getId(), rule); } + if (NetUtils.NAT_PROTO.equals(rule.protocol) && rule.getSourcePortStart() == -1) { + if (s_logger.isDebugEnabled()) { + s_logger.debug("Removing one to one nat so setting the ip back to one to one nat is false: " + rule.getSourceIpAddress()); + } + IPAddressVO ipAddress = _ipAddressDao.findById(rule.getSourceIpAddress().addr()); + ipAddress.setOneToOneNat(false); + _ipAddressDao.update(ipAddress.getAddress(), ipAddress); + } } @Override @@ -283,18 +335,6 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager { return rules; } - @Override - public PortForwardingRule createIpForwardingRuleInDb(String ipAddr, long virtualMachineId) { - // TODO Auto-generated method stub - return null; - } - - @Override - public boolean deleteIpForwardingRule(Long id) { - // TODO Auto-generated method stub - return false; - } - @Override public boolean applyPortForwardingRules(Ip ip, boolean continueOnError) { try { @@ -335,25 +375,11 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager { return _forwardingDao.searchNatRules(ip, start, size); } - - @Override public boolean applyPortForwardingRules(Ip ip, Account caller) throws ResourceUnavailableException { return applyPortForwardingRules(ip, false, caller); } - @Override - public boolean applyNatRules(Ip ip) throws ResourceUnavailableException { - // TODO Auto-generated method stub - return false; - } - - @Override - public boolean applyFirewallRules(Ip ip, Account caller) throws ResourceUnavailableException { - // TODO Auto-generated method stub - return false; - } - @Override public boolean configure(String name, Map params) throws ConfigurationException { _name = name; @@ -675,9 +701,6 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager { // return newFwRule; // } // -// @Override @DB -// public boolean deletePortForwardingRule(Long id, boolean sysContext) { -// } // @Override @DB // public PortForwardingRule createIpForwardingRuleOnDomr(long ruleId) { // Transaction txn = Transaction.currentTxn(); diff --git a/server/src/com/cloud/server/ManagementServerImpl.java b/server/src/com/cloud/server/ManagementServerImpl.java index 11b1c51c97b..058f3396ffe 100755 --- a/server/src/com/cloud/server/ManagementServerImpl.java +++ b/server/src/com/cloud/server/ManagementServerImpl.java @@ -1094,7 +1094,7 @@ public class ManagementServerImpl implements ManagementServer { } DeployVm2Cmd cmd2 = new DeployVm2Cmd(); - cmd2.setId(vm.getId()); + cmd2.setEntityId(vm.getId()); vm = _userVmService.startVirtualMachine(cmd2); return vm; } diff --git a/server/src/com/cloud/storage/StorageManagerImpl.java b/server/src/com/cloud/storage/StorageManagerImpl.java index 5a840d2b551..831042001d8 100755 --- a/server/src/com/cloud/storage/StorageManagerImpl.java +++ b/server/src/com/cloud/storage/StorageManagerImpl.java @@ -1831,7 +1831,7 @@ public class StorageManagerImpl implements StorageManager, StorageService, Manag @Override @DB public VolumeVO createVolume(CreateVolumeCmd cmd) { - VolumeVO volume = _volsDao.findById(cmd.getId()); + VolumeVO volume = _volsDao.findById(cmd.getEntityId()); // VolumeVO createdVolume = null; Long userId = UserContext.current().getUserId(); diff --git a/server/src/com/cloud/vm/UserVmManagerImpl.java b/server/src/com/cloud/vm/UserVmManagerImpl.java index 0fd87985904..d419919b62b 100755 --- a/server/src/com/cloud/vm/UserVmManagerImpl.java +++ b/server/src/com/cloud/vm/UserVmManagerImpl.java @@ -2567,13 +2567,13 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, VirtualM if (s_logger.isInfoEnabled()) { s_logger.info(msg); } - _templateDao.remove(command.getId()); // Mark it removed so that templates with the same name can be created subsequently. Bug 7366 + _templateDao.remove(command.getEntityId()); // Mark it removed so that templates with the same name can be created subsequently. Bug 7366 throw new CloudRuntimeException(msg); } SnapshotCommand cmd = null; VMTemplateVO privateTemplate = null; - long templateId = command.getId(); + long templateId = command.getEntityId(); long zoneId = volume.getDataCenterId(); String uniqueName = getRandomPrivateTemplateName(); @@ -3722,7 +3722,7 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, VirtualM @Override public UserVm startVirtualMachine(DeployVm2Cmd cmd) throws ResourceUnavailableException, InsufficientCapacityException, ConcurrentOperationException { - long vmId = cmd.getId(); + long vmId = cmd.getEntityId(); UserVmVO vm = _vmDao.findById(vmId); // Check that the password was passed in and is valid From 3aa19666cf375a0218731d8d489a0ddc8ebe8815 Mon Sep 17 00:00:00 2001 From: Alex Huang Date: Fri, 3 Dec 2010 04:21:37 -0800 Subject: [PATCH 05/70] merge with master --- api/src/com/cloud/api/commands/CreateSnapshotCmd.java | 4 ++-- .../com/cloud/storage/snapshot/SnapshotManagerImpl.java | 7 +++---- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/api/src/com/cloud/api/commands/CreateSnapshotCmd.java b/api/src/com/cloud/api/commands/CreateSnapshotCmd.java index 5e54db27421..d394d63fc2f 100644 --- a/api/src/com/cloud/api/commands/CreateSnapshotCmd.java +++ b/api/src/com/cloud/api/commands/CreateSnapshotCmd.java @@ -26,7 +26,6 @@ import com.cloud.api.BaseCmd; import com.cloud.api.Implementation; import com.cloud.api.Parameter; import com.cloud.api.ServerApiException; -import com.cloud.api.BaseCmd.CommandType; import com.cloud.api.response.SnapshotResponse; import com.cloud.async.AsyncJob; import com.cloud.event.EventTypes; @@ -114,6 +113,7 @@ public class CreateSnapshotCmd extends BaseAsyncCreateCmd { return "creating snapshot for volume: " + getVolumeId(); } + @Override public AsyncJob.Type getInstanceType() { return AsyncJob.Type.Snapshot; } @@ -121,7 +121,7 @@ public class CreateSnapshotCmd extends BaseAsyncCreateCmd { @Override public void callCreate(){ long id = _snapshotMgr.getNextInSequence(this); - this.setId(id); + this.setEntityId(id); } @Override diff --git a/server/src/com/cloud/storage/snapshot/SnapshotManagerImpl.java b/server/src/com/cloud/storage/snapshot/SnapshotManagerImpl.java index f53174ec99b..cfced36b037 100755 --- a/server/src/com/cloud/storage/snapshot/SnapshotManagerImpl.java +++ b/server/src/com/cloud/storage/snapshot/SnapshotManagerImpl.java @@ -63,12 +63,11 @@ import com.cloud.event.dao.EventDao; import com.cloud.exception.InvalidParameterValueException; import com.cloud.exception.PermissionDeniedException; import com.cloud.exception.ResourceAllocationException; -import com.cloud.exception.UsageServerException; import com.cloud.host.dao.DetailsDao; import com.cloud.host.dao.HostDao; import com.cloud.storage.Snapshot; -import com.cloud.storage.Snapshot.Type; import com.cloud.storage.Snapshot.Status; +import com.cloud.storage.Snapshot.Type; import com.cloud.storage.SnapshotPolicyVO; import com.cloud.storage.SnapshotScheduleVO; import com.cloud.storage.SnapshotVO; @@ -101,10 +100,10 @@ import com.cloud.utils.component.Inject; import com.cloud.utils.component.Manager; import com.cloud.utils.db.DB; import com.cloud.utils.db.Filter; +import com.cloud.utils.db.JoinBuilder.JoinType; import com.cloud.utils.db.SearchBuilder; import com.cloud.utils.db.SearchCriteria; import com.cloud.utils.db.Transaction; -import com.cloud.utils.db.JoinBuilder.JoinType; import com.cloud.utils.exception.CloudRuntimeException; import com.cloud.vm.VMInstanceVO; import com.cloud.vm.dao.UserVmDao; @@ -361,7 +360,7 @@ public class SnapshotManagerImpl implements SnapshotManager, SnapshotService, Ma public SnapshotVO createSnapshot(CreateSnapshotCmd cmd) throws ResourceAllocationException { Long volumeId = cmd.getVolumeId(); Long policyId = cmd.getPolicyId(); - Long snapshotId = cmd.getId(); + Long snapshotId = cmd.getEntityId(); Long startEventId = cmd.getStartEventId(); return createSnapshotImpl(volumeId, policyId, snapshotId, startEventId); } From a8b617c596b043be84bfcd001a5e0049a5a436a1 Mon Sep 17 00:00:00 2001 From: Alex Huang Date: Fri, 3 Dec 2010 08:47:29 -0800 Subject: [PATCH 06/70] port forwarding is now in --- api/src/com/cloud/network/NetworkService.java | 12 +- .../cloud/network/element/NetworkElement.java | 56 ++++++ .../com/cloud/network/NetworkManagerImpl.java | 175 ++++++++---------- .../cloud/network/dao/IPAddressDaoImpl.java | 9 +- .../network/element/DomainRouterElement.java | 14 ++ .../com/cloud/network/rules/RulesManager.java | 3 + .../cloud/network/rules/RulesManagerImpl.java | 58 +++++- 7 files changed, 215 insertions(+), 112 deletions(-) diff --git a/api/src/com/cloud/network/NetworkService.java b/api/src/com/cloud/network/NetworkService.java index 249dcc7fe64..4d7357b4b69 100644 --- a/api/src/com/cloud/network/NetworkService.java +++ b/api/src/com/cloud/network/NetworkService.java @@ -47,26 +47,26 @@ public interface NetworkService { * @throws ResourceAllocationException, InsufficientCapacityException */ IpAddress associateIP(AssociateIPAddrCmd cmd) throws ResourceAllocationException, InsufficientAddressCapacityException, ConcurrentOperationException; - public boolean disassociateIpAddress(DisassociateIPAddrCmd cmd); + boolean disassociateIpAddress(DisassociateIPAddrCmd cmd); /** - * Create a remote access vpn from the given public ip address and client ip range + * Create a remote access vpn from the given ip address and client ip range * @param cmd the command specifying the ip address, ip range * @return the newly created RemoteAccessVpnVO if successful, null otherwise * @throws InvalidParameterValueException * @throws PermissionDeniedException * @throws ConcurrentOperationException */ - public RemoteAccessVpn createRemoteAccessVpn(CreateRemoteAccessVpnCmd cmd) throws ConcurrentOperationException, InvalidParameterValueException, PermissionDeniedException; + RemoteAccessVpn createRemoteAccessVpn(CreateRemoteAccessVpnCmd cmd) throws ConcurrentOperationException, InvalidParameterValueException, PermissionDeniedException; /** - * Start a remote access vpn for the given public ip address and client ip range + * Start a remote access vpn for the given ip address and client ip range * @param cmd the command specifying the ip address, ip range * @return the RemoteAccessVpnVO if successful, null otherwise * @throws ConcurrentOperationException * @throws ResourceUnavailableException */ - public RemoteAccessVpn startRemoteAccessVpn(CreateRemoteAccessVpnCmd cmd) throws ConcurrentOperationException, ResourceUnavailableException; + RemoteAccessVpn startRemoteAccessVpn(CreateRemoteAccessVpnCmd cmd) throws ConcurrentOperationException, ResourceUnavailableException; /** * Destroy a previously created remote access VPN @@ -74,7 +74,7 @@ public interface NetworkService { * @return success if successful, false otherwise * @throws ConcurrentOperationException */ - public boolean destroyRemoteAccessVpn(DeleteRemoteAccessVpnCmd cmd) throws ConcurrentOperationException; + boolean destroyRemoteAccessVpn(DeleteRemoteAccessVpnCmd cmd) throws ConcurrentOperationException; VpnUser addVpnUser(AddVpnUserCmd cmd) throws ConcurrentOperationException, AccountLimitException; diff --git a/api/src/com/cloud/network/element/NetworkElement.java b/api/src/com/cloud/network/element/NetworkElement.java index cabdd12424c..fb620a7babf 100644 --- a/api/src/com/cloud/network/element/NetworkElement.java +++ b/api/src/com/cloud/network/element/NetworkElement.java @@ -14,6 +14,7 @@ import com.cloud.network.Network; import com.cloud.network.rules.FirewallRule; import com.cloud.offering.NetworkOffering; import com.cloud.utils.component.Adapter; +import com.cloud.utils.net.Ip; import com.cloud.vm.NicProfile; import com.cloud.vm.ReservationContext; import com.cloud.vm.VirtualMachine; @@ -31,11 +32,66 @@ public interface NetworkElement extends Adapter { */ boolean implement(Network network, NetworkOffering offering, DeployDestination dest, ReservationContext context) throws InsufficientCapacityException, ConcurrentOperationException, ResourceUnavailableException; + /** + * Prepare for a nic to be added into this network. + * @param network + * @param nic + * @param vm + * @param dest + * @param context + * @return + * @throws ConcurrentOperationException + * @throws ResourceUnavailableException + * @throws InsufficientNetworkCapacityException + */ boolean prepare(Network network, NicProfile nic, VirtualMachineProfile vm, DeployDestination dest, ReservationContext context) throws ConcurrentOperationException, ResourceUnavailableException, InsufficientNetworkCapacityException; + /** + * A nic is released from this network. + * @param network + * @param nic + * @param vm + * @param context + * @return + * @throws ConcurrentOperationException + * @throws ResourceUnavailableException + */ boolean release(Network network, NicProfile nic, VirtualMachineProfile vm, ReservationContext context) throws ConcurrentOperationException, ResourceUnavailableException; + /** + * The network is being shutdown. + * @param network + * @param context + * @return + * @throws ConcurrentOperationException + * @throws ResourceUnavailableException + */ boolean shutdown(Network network, ReservationContext context) throws ConcurrentOperationException, ResourceUnavailableException; + + /** + * Associate a new ip address to this network + * @param network + * @param ipAddress + * @return + * @throws ResourceUnavailableException + */ + boolean associate(Network network, Ip ipAddress) throws ResourceUnavailableException; + + /** + * Disassociate the ip address from this network + * @param network + * @param ipAddress + * @return + * @throws ResourceUnavailableException + */ + boolean disassociate(Network network, Ip ipAddress) throws ResourceUnavailableException; + /** + * Apply rules + * @param network + * @param rules + * @return + * @throws ResourceUnavailableException + */ boolean applyRules(Network network, List rules) throws ResourceUnavailableException; } diff --git a/server/src/com/cloud/network/NetworkManagerImpl.java b/server/src/com/cloud/network/NetworkManagerImpl.java index 011e6c032d3..0c363ff33c6 100755 --- a/server/src/com/cloud/network/NetworkManagerImpl.java +++ b/server/src/com/cloud/network/NetworkManagerImpl.java @@ -101,9 +101,11 @@ import com.cloud.network.dao.NetworkRuleConfigDao; import com.cloud.network.dao.RemoteAccessVpnDao; import com.cloud.network.dao.VpnUserDao; import com.cloud.network.element.NetworkElement; +import com.cloud.network.lb.LoadBalancingRulesManager; import com.cloud.network.router.DomainRouterManager; import com.cloud.network.router.VirtualRouter; import com.cloud.network.rules.FirewallRule; +import com.cloud.network.rules.RulesManager; import com.cloud.offering.NetworkOffering; import com.cloud.offering.NetworkOffering.GuestIpType; import com.cloud.offerings.NetworkOfferingVO; @@ -202,6 +204,8 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag @Inject RemoteAccessVpnDao _remoteAccessVpnDao = null; @Inject VpnUserDao _vpnUsersDao = null; @Inject DomainRouterManager _routerMgr; + @Inject RulesManager _rulesMgr; + @Inject LoadBalancingRulesManager _lbMgr; @Inject(adapter=NetworkGuru.class) Adapters _networkGurus; @@ -215,6 +219,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag SearchBuilder AccountsUsingNetworkConfigurationSearch; private Map _configs; + @Override public boolean sendSshKeysToHost(Long hostId, String pubKey, String prvKey) { @@ -805,78 +810,81 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag return answers[0].getResult(); } - @Override @DB + @DB + protected IPAddressVO releaseOwnershipOfIpAddress(String ipAddress) { + Transaction txn = Transaction.currentTxn(); + txn.start(); + IPAddressVO ip = _ipAddressDao.lockRow(ipAddress, true); + if (ip == null) { + s_logger.warn("Unable to find allocated ip: " + ipAddress); + return null; + } + + if (ip.getAllocated() == null) { + s_logger.debug("Ip Address is already rleeased: " + ipAddress); + return null; + } + + ip.setAccountId(null); + ip.setDomainId(null); + _ipAddressDao.update(ip.getAddress(), ip); + txn.commit(); + return ip; + } + + @Override public boolean releasePublicIpAddress(long userId, final String ipAddress) { - return false; // FIXME -// IPAddressVO ip = null; -// try { -// ip = _ipAddressDao.acquireInLockTable(ipAddress); -// -// if (ip == null) { -// s_logger.warn("Unable to find allocated ip: " + ipAddress); -// return false; -// } -// -// if(s_logger.isDebugEnabled()) { -// s_logger.debug("lock on ip " + ipAddress + " is acquired"); -// } -// -// if (ip.getAllocated() == null) { -// s_logger.warn("ip: " + ipAddress + " is already released"); -// return false; -// } -// -// if (s_logger.isDebugEnabled()) { -// s_logger.debug("Releasing ip " + ipAddress + "; sourceNat = " + ip.isSourceNat()); -// } -// -// -// final List ipAddrs = new ArrayList(); -// ipAddrs.add(ip.getAddress()); -// final List firewallRules = _rulesDao.listIPForwardingForUpdate(ipAddress); -// -// if (s_logger.isDebugEnabled()) { -// s_logger.debug("Found firewall rules: " + firewallRules.size()); -// } -// -// for (final PortForwardingRuleVO fw: firewallRules) { -// fw.setEnabled(false); -// } -// -// DomainRouterVO router = null; -// if (ip.isSourceNat()) { -// router = _routerMgr.getRouter(ipAddress); -// if (router != null) { -// if (router.getPublicIpAddress() != null) { -// return false; -// } -// } -// } else { -// router = _routerMgr.getRouter(ip.getAccountId(), ip.getDataCenterId()); -// } -// -// // Now send the updates down to the domR (note: we still hold locks on address and firewall) -// updateFirewallRules(ipAddress, firewallRules, router); -// -// for (final PortForwardingRuleVO rule: firewallRules) { -// _rulesDao.remove(rule.getId()); -// -// // Save and create the event -// String ruleName = (rule.isForwarding() ? "ip forwarding" : "load balancer"); -// String description = "deleted " + ruleName + " rule [" + rule.getSourceIpAddress() + ":" + rule.getSourcePort() -// + "]->[" + rule.getDestinationIpAddress() + ":" + rule.getDestinationPort() + "]" + " " -// + rule.getProtocol(); -// -// // save off an event for removing the network rule -// EventVO event = new EventVO(); -// event.setUserId(userId); -// event.setAccountId(ip.getAccountId()); -// event.setType(EventTypes.EVENT_NET_RULE_DELETE); -// event.setDescription(description); -// event.setLevel(EventVO.LEVEL_INFO); -// _eventDao.persist(event); -// } -// + IPAddressVO ip = releaseOwnershipOfIpAddress(ipAddress); + if (ip == null) { + return true; + } + + Ip addr = new Ip(ipAddress); + + if (s_logger.isDebugEnabled()) { + s_logger.debug("Releasing ip " + ipAddress + "; sourceNat = " + ip.isSourceNat()); + } + + boolean success = true; + try { + if (!_rulesMgr.revokeAllRules(addr, userId)) { + s_logger.warn("Unable to revoke all the port forwarding rules for ip " + ip); + success = false; + } + } catch (ResourceUnavailableException e) { + s_logger.warn("Unable to revoke all the port forwarding rules for ip " + ip, e); + success = false; + } + + if (!_lbMgr.removeAllLoadBalanacers(addr)) { + s_logger.warn("Unable to revoke all the load balancer rules for ip " + ip); + success = false; + } + + for (NetworkElement ne : _networkElements) { + try { + ne.disassociate(null, new Ip(ipAddress)); + } catch (ResourceUnavailableException e) { + s_logger.warn("Unable to release the ip address " + ip, e); + success = false; + } + } + + if (success) { + _ipAddressDao.unassignIpAddress(ipAddress); + s_logger.debug("released a public ip: " + ipAddress); + } + + final EventVO event = new EventVO(); + event.setUserId(userId); + event.setAccountId(ip.getAccountId()); + event.setType(EventTypes.EVENT_NET_IP_RELEASE); + event.setParameters("address=" + ipAddress + "\nsourceNat="+ip.isSourceNat()); + event.setDescription("released a public ip: " + ipAddress); + _eventDao.persist(event); + + return success; + // List loadBalancers = _loadBalancerDao.listByIpAddress(ipAddress); // for (LoadBalancerVO loadBalancer : loadBalancers) { // _loadBalancerDao.remove(loadBalancer.getId()); @@ -892,7 +900,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag // event.setLevel(EventVO.LEVEL_INFO); // _eventDao.persist(event); // } -// + // if ((router != null) && (router.getState() == State.Running)) { // if (s_logger.isDebugEnabled()) { // s_logger.debug("Disassociate ip " + router.getHostName()); @@ -917,29 +925,6 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag // return false; // } // } else { -// _ipAddressDao.unassignIpAddress(ipAddress); -// } -// s_logger.debug("released a public ip: " + ipAddress); -// final EventVO event = new EventVO(); -// event.setUserId(userId); -// event.setAccountId(ip.getAccountId()); -// event.setType(EventTypes.EVENT_NET_IP_RELEASE); -// event.setParameters("address=" + ipAddress + "\nsourceNat="+ip.isSourceNat()); -// event.setDescription("released a public ip: " + ipAddress); -// _eventDao.persist(event); -// -// return true; -// } catch (final Throwable e) { -// s_logger.warn("ManagementServer error", e); -// return false; -// } finally { -// if(ip != null) { -// if(s_logger.isDebugEnabled()) { -// s_logger.debug("Releasing lock on ip " + ipAddress); -// } -// _ipAddressDao.releaseFromLockTable(ipAddress); -// } -// } } @Override diff --git a/server/src/com/cloud/network/dao/IPAddressDaoImpl.java b/server/src/com/cloud/network/dao/IPAddressDaoImpl.java index 3c85cc6dc00..01ae7a8a408 100644 --- a/server/src/com/cloud/network/dao/IPAddressDaoImpl.java +++ b/server/src/com/cloud/network/dao/IPAddressDaoImpl.java @@ -61,6 +61,7 @@ public class IPAddressDaoImpl extends GenericDaoBase implem AccountSearch.done(); } + @Override public boolean mark(long dcId, String ip) { SearchCriteria sc = DcIpSearch.create(); sc.setParameters("dataCenterId", dcId); @@ -72,6 +73,7 @@ public class IPAddressDaoImpl extends GenericDaoBase implem return update(vo, sc) >= 1; } + @Override @DB public List assignAcccountSpecificIps(long accountId, long domainId, Long vlanDbId, boolean sourceNat) { @@ -110,6 +112,7 @@ public class IPAddressDaoImpl extends GenericDaoBase implem return null; } + @Override public void setIpAsSourceNat(String ipAddr){ IPAddressVO ip = createForUpdate(ipAddr); @@ -158,7 +161,8 @@ public class IPAddressDaoImpl extends GenericDaoBase implem address.setAccountId(null); address.setDomainId(null); address.setAllocated(null); - address.setSourceNat(false); + address.setSourceNat(false); + address.setOneToOneNat(false); update(ipAddress, address); } @@ -176,7 +180,8 @@ public class IPAddressDaoImpl extends GenericDaoBase implem return listIncludingRemovedBy(sc); } - public List listByDcIdIpAddress(long dcId, String ipAddress) { + @Override + public List listByDcIdIpAddress(long dcId, String ipAddress) { SearchCriteria sc = DcIpSearch.create(); sc.setParameters("dataCenterId", dcId); sc.setParameters("ipAddress", ipAddress); diff --git a/server/src/com/cloud/network/element/DomainRouterElement.java b/server/src/com/cloud/network/element/DomainRouterElement.java index 1e7197f679c..85714a8f6e1 100644 --- a/server/src/com/cloud/network/element/DomainRouterElement.java +++ b/server/src/com/cloud/network/element/DomainRouterElement.java @@ -39,6 +39,7 @@ import com.cloud.offering.NetworkOffering.GuestIpType; import com.cloud.uservm.UserVm; import com.cloud.utils.component.AdapterBase; import com.cloud.utils.component.Inject; +import com.cloud.utils.net.Ip; import com.cloud.vm.DomainRouterVO; import com.cloud.vm.NicProfile; import com.cloud.vm.ReservationContext; @@ -123,6 +124,19 @@ public class DomainRouterElement extends AdapterBase implements NetworkElement { @Override public boolean applyRules(Network config, List rules) throws ResourceUnavailableException { + + return false; + } + + @Override + public boolean associate(Network network, Ip ipAddress) throws ResourceUnavailableException { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean disassociate(Network network, Ip ipAddress) throws ResourceUnavailableException { + // TODO Auto-generated method stub return false; } } diff --git a/server/src/com/cloud/network/rules/RulesManager.java b/server/src/com/cloud/network/rules/RulesManager.java index e0917837358..f275e7ffe4b 100644 --- a/server/src/com/cloud/network/rules/RulesManager.java +++ b/server/src/com/cloud/network/rules/RulesManager.java @@ -20,6 +20,7 @@ package com.cloud.network.rules; import com.cloud.exception.InvalidParameterValueException; import com.cloud.exception.NetworkRuleConflictException; import com.cloud.exception.PermissionDeniedException; +import com.cloud.exception.ResourceUnavailableException; import com.cloud.network.IpAddress; import com.cloud.user.Account; import com.cloud.uservm.UserVm; @@ -54,4 +55,6 @@ public interface RulesManager extends RulesService { void detectRulesConflict(FirewallRule newRule, IpAddress ipAddress) throws NetworkRuleConflictException; void checkIpAndUserVm(IpAddress ipAddress, UserVm userVm, Account caller) throws InvalidParameterValueException, PermissionDeniedException; + + boolean revokeAllRules(Ip ip, long userId) throws ResourceUnavailableException; } diff --git a/server/src/com/cloud/network/rules/RulesManagerImpl.java b/server/src/com/cloud/network/rules/RulesManagerImpl.java index b1f72c8dfd0..dced749ee22 100644 --- a/server/src/com/cloud/network/rules/RulesManagerImpl.java +++ b/server/src/com/cloud/network/rules/RulesManagerImpl.java @@ -29,6 +29,7 @@ import com.cloud.api.commands.ListPortForwardingRulesCmd; import com.cloud.event.EventTypes; import com.cloud.event.EventUtils; import com.cloud.event.EventVO; +import com.cloud.event.dao.EventDao; import com.cloud.exception.InvalidParameterValueException; import com.cloud.exception.NetworkRuleConflictException; import com.cloud.exception.PermissionDeniedException; @@ -39,6 +40,7 @@ import com.cloud.network.Network; import com.cloud.network.NetworkManager; import com.cloud.network.dao.FirewallRulesDao; import com.cloud.network.dao.IPAddressDao; +import com.cloud.network.rules.FirewallRule.Purpose; import com.cloud.network.rules.FirewallRule.State; import com.cloud.network.rules.dao.PortForwardingRulesDao; import com.cloud.offering.NetworkOffering.GuestIpType; @@ -69,6 +71,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager { @Inject UserVmDao _vmDao; @Inject AccountManager _accountMgr; @Inject NetworkManager _networkMgr; + @Inject EventDao _eventDao; @Override public void detectRulesConflict(FirewallRule newRule, IpAddress ipAddress) throws NetworkRuleConflictException { @@ -264,8 +267,10 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager { } @DB - protected void revokeRule(FirewallRuleVO rule, Account caller) { - _accountMgr.checkAccess(caller, rule); + protected void revokeRule(FirewallRuleVO rule, Account caller, long userId) { + if (caller != null) { + _accountMgr.checkAccess(caller, rule); + } Transaction txn = Transaction.currentTxn(); txn.start(); @@ -286,6 +291,24 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager { ipAddress.setOneToOneNat(false); _ipAddressDao.update(ipAddress.getAddress(), ipAddress); } + + // Save and create the event + String ruleName = rule.getPurpose() == Purpose.Firewall ? "Firewall" : (rule.getProtocol().equals(NetUtils.NAT_PROTO) ? "ip forwarding" : "port forwarding"); + StringBuilder description = new StringBuilder("deleted ").append(ruleName).append(" rule [").append(rule.getSourceIpAddress()).append(":").append(rule.getSourcePortStart()).append("-").append(rule.getSourcePortEnd()).append("]"); + if (rule.getPurpose() == Purpose.PortForwarding) { + PortForwardingRuleVO pfRule = (PortForwardingRuleVO)rule; + description.append("->[").append(pfRule.getDestinationIpAddress()).append(":").append(pfRule.getDestinationPortStart()).append("-").append(pfRule.getDestinationPortEnd()).append("]"); + } + description.append(" ").append(rule.getProtocol()); + + // save off an event for removing the network rule + EventVO event = new EventVO(); + event.setUserId(userId); + event.setAccountId(rule.getAccountId()); + event.setType(EventTypes.EVENT_NET_RULE_DELETE); + event.setDescription(description.toString()); + event.setLevel(EventVO.LEVEL_INFO); + _eventDao.persist(event); } @Override @@ -299,13 +322,7 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager { } _accountMgr.checkAccess(caller, rule); - revokeRule(rule, caller); - String description; - String type = EventTypes.EVENT_NET_RULE_DELETE; - String level = EventVO.LEVEL_INFO; - - description = "deleted ip forwarding rule [" + rule.getSourceIpAddress() + ":" + rule.getSourcePortStart() + "]->[" + rule.getDestinationIpAddress() + ":" + rule.getDestinationPortStart() + "] " + rule.getProtocol(); - EventUtils.saveEvent(ctx.getUserId(), rule.getAccountId(), level, type, description); + revokeRule(rule, caller, ctx.getUserId()); if (apply) { applyPortForwardingRules(rule.getSourceIpAddress(), true); @@ -379,6 +396,29 @@ public class RulesManagerImpl implements RulesManager, RulesService, Manager { public boolean applyPortForwardingRules(Ip ip, Account caller) throws ResourceUnavailableException { return applyPortForwardingRules(ip, false, caller); } + + @Override @DB + public boolean revokeAllRules(Ip ip, long userId) throws ResourceUnavailableException { + List rules = _forwardingDao.listByIpAndNotRevoked(ip); + if (s_logger.isDebugEnabled()) { + s_logger.debug("Releasing " + rules.size() + " rules for " + ip); + } + + for (PortForwardingRuleVO rule : rules) { + revokeRule(rule, null, userId); + } + + applyPortForwardingRules(ip, true, null); + + // Now we check again in case more rules have been inserted. + rules = _forwardingDao.listByIpAndNotRevoked(ip); + + if (s_logger.isDebugEnabled()) { + s_logger.debug("Successfully released rules for " + ip + " and # of rules now = " + rules.size()); + } + + return rules.size() == 0; + } @Override public boolean configure(String name, Map params) throws ConfigurationException { From b0abda3c493256d89455094b07e45b685190140c Mon Sep 17 00:00:00 2001 From: abhishek Date: Fri, 3 Dec 2010 09:37:02 -0800 Subject: [PATCH 07/70] some changes to domain specific offerings for the UI to consume --- api/src/com/cloud/api/commands/CreateDiskOfferingCmd.java | 8 ++++++++ .../com/cloud/api/response/ServiceOfferingResponse.java | 2 +- .../com/cloud/configuration/ConfigurationManagerImpl.java | 2 +- 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/api/src/com/cloud/api/commands/CreateDiskOfferingCmd.java b/api/src/com/cloud/api/commands/CreateDiskOfferingCmd.java index 1fa54340879..d7cb6279b04 100755 --- a/api/src/com/cloud/api/commands/CreateDiskOfferingCmd.java +++ b/api/src/com/cloud/api/commands/CreateDiskOfferingCmd.java @@ -24,6 +24,7 @@ import com.cloud.api.BaseCmd; import com.cloud.api.Implementation; import com.cloud.api.Parameter; import com.cloud.api.ServerApiException; +import com.cloud.api.BaseCmd.CommandType; import com.cloud.api.response.DiskOfferingResponse; import com.cloud.offering.DiskOffering; @@ -51,6 +52,10 @@ public class CreateDiskOfferingCmd extends BaseCmd { @Parameter(name=ApiConstants.CUSTOMIZED, type=CommandType.BOOLEAN, description="whether disk offering is custom or not") private Boolean customized; + + @Parameter(name=ApiConstants.DOMAIN_ID, type=CommandType.LONG, description="the ID of the containing domain, null for public offerings") + private Long domainId; + ///////////////////////////////////////////////////// /////////////////// Accessors /////////////////////// ///////////////////////////////////////////////////// @@ -75,6 +80,9 @@ public class CreateDiskOfferingCmd extends BaseCmd { return customized; } + public Long getDomainId(){ + return domainId; + } ///////////////////////////////////////////////////// /////////////// API Implementation/////////////////// ///////////////////////////////////////////////////// diff --git a/api/src/com/cloud/api/response/ServiceOfferingResponse.java b/api/src/com/cloud/api/response/ServiceOfferingResponse.java index 5eb505f6708..cb3e9da7c10 100644 --- a/api/src/com/cloud/api/response/ServiceOfferingResponse.java +++ b/api/src/com/cloud/api/response/ServiceOfferingResponse.java @@ -57,7 +57,7 @@ public class ServiceOfferingResponse extends BaseResponse { @SerializedName("tags") @Param(description="the tags for the service offering") private String tags; - @SerializedName("domainId") @Param(description="the domain id of the service offering") + @SerializedName("domainid") @Param(description="the domain id of the service offering") private Long domainId; @SerializedName(ApiConstants.DOMAIN) @Param(description="Domain name for the offering") diff --git a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java index 22547a2b5a5..3ae68fee580 100755 --- a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java +++ b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java @@ -1284,7 +1284,7 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura Long numGibibytes = cmd.getDiskSize(); Boolean isCustomized = cmd.isCustomized() != null ? cmd.isCustomized() : false; //false by default String tags = cmd.getTags(); - Long domainId = Long.valueOf(DomainVO.ROOT_DOMAIN); // disk offering always gets created under the root domain.Bug # 6055 + Long domainId = cmd.getDomainId() != null ? cmd.getDomainId() : Long.valueOf(DomainVO.ROOT_DOMAIN); // disk offering always gets created under the root domain.Bug # 6055 if not passed in cmd if(!isCustomized && numGibibytes == null){ throw new InvalidParameterValueException("Disksize is required for non-customized disk offering"); From 5db9ba61d9592c7a6e5358917294f589a6e80cdb Mon Sep 17 00:00:00 2001 From: Alex Huang Date: Fri, 3 Dec 2010 09:46:35 -0800 Subject: [PATCH 08/70] extra comma --- server/src/com/cloud/storage/snapshot/SnapshotManagerImpl.java | 2 +- setup/db/create-schema.sql | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/server/src/com/cloud/storage/snapshot/SnapshotManagerImpl.java b/server/src/com/cloud/storage/snapshot/SnapshotManagerImpl.java index cfced36b037..f1a7033edee 100755 --- a/server/src/com/cloud/storage/snapshot/SnapshotManagerImpl.java +++ b/server/src/com/cloud/storage/snapshot/SnapshotManagerImpl.java @@ -1165,7 +1165,7 @@ public class SnapshotManagerImpl implements SnapshotManager, SnapshotService, Ma } catch (Exception ex) { s_logger.error("error getting last id", ex); } - return null; + return 1l; } private void _updateSnapshotSeq(Long seq) { diff --git a/setup/db/create-schema.sql b/setup/db/create-schema.sql index d4abe6d7e7e..2c87a2f4532 100755 --- a/setup/db/create-schema.sql +++ b/setup/db/create-schema.sql @@ -447,7 +447,7 @@ CREATE TABLE `cloud`.`firewall_rules` ( PRIMARY KEY (`id`), CONSTRAINT `fk_firewall_rules__network_id` FOREIGN KEY(`network_id`) REFERENCES `network`(`id`) ON DELETE CASCADE, CONSTRAINT `fk_firewall_rules__account_id` FOREIGN KEY(`account_id`) REFERENCES `account`(`id`) ON DELETE CASCADE, - CONSTRAINT `fk_firewall_rules__domain_id` FOREIGN KEY(`domain_id`) REFERENCES `domain`(`id`) ON DELETE CASCADE, + CONSTRAINT `fk_firewall_rules__domain_id` FOREIGN KEY(`domain_id`) REFERENCES `domain`(`id`) ON DELETE CASCADE ) ENGINE=InnoDB DEFAULT CHARSET=utf8; CREATE TABLE `cloud`.`load_balancing_rules` ( From 286fa7248be452d140e8c4ecb10b93730663e32a Mon Sep 17 00:00:00 2001 From: abhishek Date: Fri, 3 Dec 2010 09:45:05 -0800 Subject: [PATCH 09/70] bug 7414: changing the start.retry param to 10 status 7414: resolved fixed --- server/src/com/cloud/configuration/Config.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/src/com/cloud/configuration/Config.java b/server/src/com/cloud/configuration/Config.java index 7c635d030a1..e866b8e6a8b 100644 --- a/server/src/com/cloud/configuration/Config.java +++ b/server/src/com/cloud/configuration/Config.java @@ -129,7 +129,7 @@ public enum Config { RouterCleanupInterval("Advanced", ManagementServer.class, Integer.class, "router.cleanup.interval", "3600", "Time in seconds identifies when to stop router when there are no user vms associated with it", null), RouterStatsInterval("Advanced", NetworkManager.class, Integer.class, "router.stats.interval", "300", "Interval to report router statistics.", null), RouterTemplateId("Advanced", NetworkManager.class, Long.class, "router.template.id", "1", "Default ID for template.", null), - StartRetry("Advanced", AgentManager.class, Integer.class, "start.retry", "2", "Number of times to retry create and start commands", null), + StartRetry("Advanced", AgentManager.class, Integer.class, "start.retry", "10", "Number of times to retry create and start commands", null), StopRetryInterval("Advanced", HighAvailabilityManager.class, Integer.class, "stop.retry.interval", "600", "Time in seconds between retries to stop or destroy a vm" , null), StorageCleanupInterval("Advanced", StorageManager.class, Integer.class, "storage.cleanup.interval", "86400", "The interval to wait before running the storage cleanup thread.", null), StorageCleanupEnabled("Advanced", StorageManager.class, Boolean.class, "storage.cleanup.enabled", "true", "Enables/disables the storage cleanup thread.", null), From 4fc18ce76017c49343bae7fbfd7705d105809df2 Mon Sep 17 00:00:00 2001 From: abhishek Date: Fri, 3 Dec 2010 09:54:21 -0800 Subject: [PATCH 10/70] bug 7414: defaulting startretry to 10 at all references in code --- server/src/com/cloud/storage/StorageManagerImpl.java | 2 +- server/src/com/cloud/vm/MauriceMoss.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/server/src/com/cloud/storage/StorageManagerImpl.java b/server/src/com/cloud/storage/StorageManagerImpl.java index 831042001d8..4760105532a 100755 --- a/server/src/com/cloud/storage/StorageManagerImpl.java +++ b/server/src/com/cloud/storage/StorageManagerImpl.java @@ -1082,7 +1082,7 @@ public class StorageManagerImpl implements StorageManager, StorageService, Manag _overProvisioningFactor = Integer.parseInt(overProvisioningFactorStr); } - _retry = NumbersUtil.parseInt(configs.get(Config.StartRetry.key()), 2); + _retry = NumbersUtil.parseInt(configs.get(Config.StartRetry.key()), 10); _pingInterval = NumbersUtil.parseInt(configs.get("ping.interval"), 60); _hostRetry = NumbersUtil.parseInt(configs.get("host.retry"), 2); _storagePoolAcquisitionWaitSeconds = NumbersUtil.parseInt(configs.get("pool.acquisition.wait.seconds"), 1800); diff --git a/server/src/com/cloud/vm/MauriceMoss.java b/server/src/com/cloud/vm/MauriceMoss.java index a435d05e83d..716db3cf07b 100644 --- a/server/src/com/cloud/vm/MauriceMoss.java +++ b/server/src/com/cloud/vm/MauriceMoss.java @@ -260,7 +260,7 @@ public class MauriceMoss implements VmManager, ClusterManagerListener { ConfigurationDao configDao = locator.getDao(ConfigurationDao.class); Map params = configDao.getConfiguration(xmlParams); - _retry = NumbersUtil.parseInt(params.get(Config.StartRetry.key()), 2); + _retry = NumbersUtil.parseInt(params.get(Config.StartRetry.key()), 10); ReservationContextImpl.setComponents(_userDao, _domainDao, _accountDao); VirtualMachineProfileImpl.setComponents(_offeringDao, _templateDao, _accountDao); From 8a4d170892ca019026137a2dfef0137154d478d9 Mon Sep 17 00:00:00 2001 From: root Date: Fri, 3 Dec 2010 10:06:23 -0800 Subject: [PATCH 11/70] correct misspelling --- server/src/com/cloud/storage/snapshot/SnapshotManagerImpl.java | 2 -- setup/db/create-schema.sql | 2 +- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/server/src/com/cloud/storage/snapshot/SnapshotManagerImpl.java b/server/src/com/cloud/storage/snapshot/SnapshotManagerImpl.java index f1a7033edee..7e571fa49ff 100755 --- a/server/src/com/cloud/storage/snapshot/SnapshotManagerImpl.java +++ b/server/src/com/cloud/storage/snapshot/SnapshotManagerImpl.java @@ -314,8 +314,6 @@ public class SnapshotManagerImpl implements SnapshotManager, SnapshotService, Ma } return createdSnapshot; - - } diff --git a/setup/db/create-schema.sql b/setup/db/create-schema.sql index 2c87a2f4532..9fc3695216f 100755 --- a/setup/db/create-schema.sql +++ b/setup/db/create-schema.sql @@ -445,7 +445,7 @@ CREATE TABLE `cloud`.`firewall_rules` ( `xid` char(40) NOT NULL COMMENT 'external id', `created` datetime COMMENT 'Date created', PRIMARY KEY (`id`), - CONSTRAINT `fk_firewall_rules__network_id` FOREIGN KEY(`network_id`) REFERENCES `network`(`id`) ON DELETE CASCADE, + CONSTRAINT `fk_firewall_rules__network_id` FOREIGN KEY(`network_id`) REFERENCES `networks`(`id`) ON DELETE CASCADE, CONSTRAINT `fk_firewall_rules__account_id` FOREIGN KEY(`account_id`) REFERENCES `account`(`id`) ON DELETE CASCADE, CONSTRAINT `fk_firewall_rules__domain_id` FOREIGN KEY(`domain_id`) REFERENCES `domain`(`id`) ON DELETE CASCADE ) ENGINE=InnoDB DEFAULT CHARSET=utf8; From e393e15f7a9fe890ca2c8e61e066e29d782ab3a6 Mon Sep 17 00:00:00 2001 From: Jessica Wang Date: Fri, 3 Dec 2010 11:19:28 -0800 Subject: [PATCH 12/70] fix a bug that "no items available" was not removed when primary storage was created. --- ui/scripts/cloud.core.cluster.js | 8 +++----- ui/scripts/cloud.core.pod.js | 2 +- ui/scripts/cloud.core.resource.js | 2 +- ui/scripts/cloud.core.zone.js | 2 +- 4 files changed, 6 insertions(+), 8 deletions(-) diff --git a/ui/scripts/cloud.core.cluster.js b/ui/scripts/cloud.core.cluster.js index cc920c1cf18..896d8a7be54 100644 --- a/ui/scripts/cloud.core.cluster.js +++ b/ui/scripts/cloud.core.cluster.js @@ -38,8 +38,7 @@ function afterLoadClusterJSP($leftmenuItem1) { var $header1 = $("#midmenu_itemheader_without_margin").clone().show(); //without margin on top $header1.find("#name").text("Host"); $container_host.append($header1); - //listMidMenuItems2(("listHosts&type=Routing&clusterid="+clusterId), "listhostsresponse", "host", hostToMidmenu, hostToRightPanel, hostGetMidmenuId, false, 1); - var count = 0; + var count = 0; $.ajax({ cache: false, data: createURL("command=listHosts&type=Routing&clusterid="+clusterId), @@ -63,7 +62,7 @@ function afterLoadClusterJSP($leftmenuItem1) { count = items.length; } else { - $container_host.append($("#midmenu_container_no_items_available").clone().show()); + $container_host.append($("#midmenu_container_no_items_available").clone().attr("id","midmenu_container_no_items_available_clone").show()); } } }); @@ -75,7 +74,6 @@ function afterLoadClusterJSP($leftmenuItem1) { var $header2 = $("#midmenu_itemheader_with_margin").clone().show(); //with margin on top $header2.find("#name").text("Primary Storage"); $container_primarystorage.append($header2); - //listMidMenuItems2(("listStoragePools&clusterid="+clusterId), "liststoragepoolsresponse", "storagepool", primarystorageToMidmenu, primarystorageToRightPanel, primarystorageGetMidmenuId, false, 1); var count = 0; $.ajax({ cache: false, @@ -96,7 +94,7 @@ function afterLoadClusterJSP($leftmenuItem1) { count = items.length; } else { - $container_primarystorage.append($("#midmenu_container_no_items_available").clone().show()); + $container_primarystorage.append($("#midmenu_container_no_items_available").clone().attr("id","midmenu_container_no_items_available_clone").show()); } } }); diff --git a/ui/scripts/cloud.core.pod.js b/ui/scripts/cloud.core.pod.js index 424e7fa39a0..5d109fe415d 100644 --- a/ui/scripts/cloud.core.pod.js +++ b/ui/scripts/cloud.core.pod.js @@ -543,7 +543,7 @@ function initAddPrimaryStorageButton($button, currentPageInRightPanel, $leftmenu } else { var $container = $("#midmenu_container").find("#midmenu_primarystorage_container"); - var $noItemsAvailable = $container.siblings("#midmenu_container_no_items_available"); + var $noItemsAvailable = $container.find("#midmenu_container_no_items_available_clone"); if($noItemsAvailable.length > 0) { $noItemsAvailable.slideUp("slow", function() { $(this).remove(); diff --git a/ui/scripts/cloud.core.resource.js b/ui/scripts/cloud.core.resource.js index 20d3d861eb3..e37f3668fdc 100644 --- a/ui/scripts/cloud.core.resource.js +++ b/ui/scripts/cloud.core.resource.js @@ -1145,7 +1145,7 @@ function initAddPrimaryStorageShortcut($midmenuAddLink2, currentPageInRightPanel } else { var $container = $("#midmenu_container").find("#midmenu_primarystorage_container"); - var $noItemsAvailable = $container.siblings("#midmenu_container_no_items_available"); + var $noItemsAvailable = $container.find("#midmenu_container_no_items_available_clone"); if($noItemsAvailable.length > 0) { $noItemsAvailable.slideUp("slow", function() { $(this).remove(); diff --git a/ui/scripts/cloud.core.zone.js b/ui/scripts/cloud.core.zone.js index 8e3016000e0..0cbf85fcac9 100644 --- a/ui/scripts/cloud.core.zone.js +++ b/ui/scripts/cloud.core.zone.js @@ -1195,7 +1195,7 @@ function initAddPrimaryStorageButtonOnZonePage($button, zoneId, zoneName) { } else { var $container = $("#midmenu_container").find("#midmenu_primarystorage_container"); - var $noItemsAvailable = $container.siblings("#midmenu_container_no_items_available"); + var $noItemsAvailable = $container.find("#midmenu_container_no_items_available_clone"); if($noItemsAvailable.length > 0) { $noItemsAvailable.slideUp("slow", function() { $(this).remove(); From 4f2790c09bb302c053427aaf14e832a12958f413 Mon Sep 17 00:00:00 2001 From: anthony Date: Fri, 3 Dec 2010 11:23:59 -0800 Subject: [PATCH 13/70] move db migration to script --- .../storage/snapshot/SnapshotManagerImpl.java | 46 ------------------- setup/db/data-21to22.sql | 1 + setup/db/data-22beta1to22beta2.sql | 1 + 3 files changed, 2 insertions(+), 46 deletions(-) diff --git a/server/src/com/cloud/storage/snapshot/SnapshotManagerImpl.java b/server/src/com/cloud/storage/snapshot/SnapshotManagerImpl.java index 7e571fa49ff..fb7bb279e0d 100755 --- a/server/src/com/cloud/storage/snapshot/SnapshotManagerImpl.java +++ b/server/src/com/cloud/storage/snapshot/SnapshotManagerImpl.java @@ -18,8 +18,6 @@ package com.cloud.storage.snapshot; -import java.sql.PreparedStatement; -import java.sql.ResultSet; import java.util.ArrayList; import java.util.Date; import java.util.List; @@ -111,8 +109,6 @@ import com.cloud.vm.dao.UserVmDao; @Local(value={SnapshotManager.class, SnapshotService.class}) public class SnapshotManagerImpl implements SnapshotManager, SnapshotService, Manager { private static final Logger s_logger = Logger.getLogger(SnapshotManagerImpl.class); - private static final String GET_LAST_ID = "SELECT id FROM cloud.snapshots ORDER BY id DESC LIMIT 1"; - private static final String UPDATE_SNAPSHOT_SEQ = "UPDATE cloud.sequence SET value=? WHERE name='snapshots_seq'"; @Inject protected HostDao _hostDao; @Inject protected UserVmDao _vmDao; @@ -1150,40 +1146,6 @@ public class SnapshotManagerImpl implements SnapshotManager, SnapshotService, Ma return _snapshotDao.getNextInSequence(Long.class, "id"); } - private Long _getLastId() { - Transaction txn = Transaction.open(Transaction.CLOUD_DB); - PreparedStatement pstmt = null; - String sql = GET_LAST_ID; - try { - pstmt = txn.prepareAutoCloseStatement(sql); - ResultSet rs = pstmt.executeQuery(); - if (rs.next()) { - return Long.valueOf(rs.getLong(1)); - } - } catch (Exception ex) { - s_logger.error("error getting last id", ex); - } - return 1l; - } - - private void _updateSnapshotSeq(Long seq) { - Transaction txn = Transaction.open(Transaction.CLOUD_DB); - try { - txn.start(); - String sql = UPDATE_SNAPSHOT_SEQ; - PreparedStatement pstmt = null; - pstmt = txn.prepareAutoCloseStatement(sql); - pstmt.setLong(1, seq.longValue()); - pstmt.execute(); - txn.commit(); - } catch (Exception ex) { - txn.rollback(); - String msg = "error seting snapshots_seq to " + seq; - s_logger.error(msg, ex); - throw new CloudRuntimeException(msg, ex); - } - } - @Override public boolean configure(String name, Map params) throws ConfigurationException { _name = name; @@ -1203,14 +1165,6 @@ public class SnapshotManagerImpl implements SnapshotManager, SnapshotService, Ma _totalRetries = NumbersUtil.parseInt(configDao.getValue("total.retries"), 4); _pauseInterval = 2*NumbersUtil.parseInt(configDao.getValue("ping.interval"), 60); - Long lastId = _getLastId(); - if ( lastId == null ) { - String msg = "Can not get last id of snapshots"; - s_logger.error(msg); - throw new CloudRuntimeException(msg); - } - s_logger.info("Set shapshot sequence to " + (lastId + 1)); - _updateSnapshotSeq( lastId + 1 ); s_logger.info("Snapshot Manager is configured."); return true; diff --git a/setup/db/data-21to22.sql b/setup/db/data-21to22.sql index 7fcc35e36a8..5a7f82136be 100644 --- a/setup/db/data-21to22.sql +++ b/setup/db/data-21to22.sql @@ -17,5 +17,6 @@ INSERT INTO vm_template (id, unique_name, name, public, created, type, hvm, bits Update configuration set name='storage.max.volume.size' where name='max.volume.size.mb'; INSERT INTO sequence (name, value) VALUES ('snapshots_seq', '1') +UPDATE cloud.sequence SET value=IF((SELECT COUNT(*) FROM cloud.snapshots) > 0, (SELECT max(id) FROM cloud.snapshots) + 1, 1) WHERE name='snapshots_seq' COMMIT; diff --git a/setup/db/data-22beta1to22beta2.sql b/setup/db/data-22beta1to22beta2.sql index f52a94b3651..1d082a6fd8d 100644 --- a/setup/db/data-22beta1to22beta2.sql +++ b/setup/db/data-22beta1to22beta2.sql @@ -1,2 +1,3 @@ INSERT INTO sequence (name, value) VALUES ('snapshots_seq', '1') +UPDATE cloud.sequence SET value=IF((SELECT COUNT(*) FROM cloud.snapshots) > 0, (SELECT max(id) FROM cloud.snapshots) + 1, 1) WHERE name='snapshots_seq' From 7a80bf102f75793358b5dca9c2bcc92c228309b9 Mon Sep 17 00:00:00 2001 From: Jessica Wang Date: Fri, 3 Dec 2010 11:51:48 -0800 Subject: [PATCH 14/70] Disk Offering - add public/private option and domain dropdown during creation. Support domain to be updated after a disk offering is created. --- ui/jsp/diskoffering.jsp | 16 ++++++ ui/scripts/cloud.core.diskoffering.js | 64 ++++++++++++++++++------ ui/scripts/cloud.core.serviceoffering.js | 3 +- 3 files changed, 67 insertions(+), 16 deletions(-) diff --git a/ui/jsp/diskoffering.jsp b/ui/jsp/diskoffering.jsp index 05e859da0fa..e0249ef867c 100644 --- a/ui/jsp/diskoffering.jsp +++ b/ui/jsp/diskoffering.jsp @@ -119,6 +119,8 @@
+
+ + + - \ No newline at end of file + + + + + \ No newline at end of file diff --git a/ui/scripts/cloud.core.domain.js b/ui/scripts/cloud.core.domain.js index e87906a0eca..72b4603cd06 100644 --- a/ui/scripts/cloud.core.domain.js +++ b/ui/scripts/cloud.core.domain.js @@ -58,7 +58,7 @@ function drawNode(json, level, container) { childParentMap[json.id] = json.parentdomainid; //map childDomainId to parentDomainId domainIdNameMap[json.id] = json.name; //map domainId to domainName - var $treeNode = $("#domain_tree_node_template").clone(true); + var $treeNode = $("#domain_tree_node_template").clone(true).attr("id", "domain_tree_node_template_clone"); $treeNode.find("#domain_indent").css("marginLeft", (30*(level+1))); $treeNode.attr("id", "domain_"+fromdb(json.id)); $treeNode.data("jsonObj", json).data("domainLevel", level); @@ -115,9 +115,85 @@ function domainAccountJSONToTemplate(jsonObj, $template) { $template.find("#state").text(jsonObj.state); } +function afterLoadDomainJSP() { + if(isAdmin()) { + initAddDomainDialog(); + } +} + +function initAddDomainDialog() { + initDialog("dialog_add_domain", 450); + + var $dialogAddDomain = $("#dialog_add_domain"); + + $.ajax({ + data: createURL("command=listDomains"), + dataType: "json", + async: false, + success: function(json) { + var $domainDropdown1 = $dialogAddDomain.find("#domain_dropdown").empty(); + var domains = json.listdomainsresponse.domain; + if (domains != null && domains.length > 0) { + for (var i = 0; i < domains.length; i++) { + $domainDropdown1.append(""); + } + } + } + }); + + //add button *** + $("#midmenu_add_link").find("#label").text("Add Domain"); + $("#midmenu_add_link").show(); + $("#midmenu_add_link").unbind("click").bind("click", function(event) { + $dialogAddDomain + .dialog('option', 'buttons', { + "Create": function() { + var $thisDialog = $(this); + + // validate values + var isValid = true; + isValid &= validateString("Name", $thisDialog.find("#add_domain_name"), $thisDialog.find("#add_domain_name_errormsg")); + if (!isValid) + return; + + $thisDialog.dialog("close"); + + var array1 = []; + var name = trim($thisDialog.find("#add_domain_name").val()); + array1.push("&name="+todb(name)); + + var parentDomainId = $thisDialog.find("#domain_dropdown").val(); + array1.push("&parentdomainid="+parentDomainId); + + $.ajax({ + data: createURL("command=createDomain"+array1.join("")), + dataType: "json", + async: false, + success: function(json) { + var item = json.createdomainresponse.domain; + var $parentDomainNode = $("#leftmenu_domain_tree").find("#domain_"+item.parentdomainid); + + var $expandIcon = $parentDomainNode.find("#domain_expand_icon_"+item.parentdomainid); + if($expandIcon.hasClass("expanded_close")) + $expandIcon.click(); //expand parentDomain node + drawNode(item, item.level, $("#domain_children_container_"+item.parentdomainid)); + } + }); + }, + "Cancel": function() { + $(this).dialog("close"); + } + }).dialog("open"); + + return false; + }); +} + function domainToRightPanel($leftmenuItem1) { if($("#domain_grid_container").length == 0) { //domain.jsp is not loaded in right panel - $("#right_panel").load("jsp/domain.jsp", function(){ + $("#right_panel").load("jsp/domain.jsp", function(){ + afterLoadDomainJSP(); + //switch between different tabs var tabArray = [$("#tab_details"), $("#tab_resource_limits"), $("#tab_admin_account")]; var tabContentArray = [$("#tab_content_details"), $("#tab_content_resource_limits"), $("#tab_content_admin_account")]; From 9def6cd994faa1298f9bdd56a0c25f66b3a32022 Mon Sep 17 00:00:00 2001 From: Frank Zhang Date: Fri, 3 Dec 2010 17:18:10 -0800 Subject: [PATCH 26/70] clean up hardcoding in cloud.spec with wildcard --- cloud.spec | 29 +++++++---------------------- wscript_configure | 2 ++ 2 files changed, 9 insertions(+), 22 deletions(-) diff --git a/cloud.spec b/cloud.spec index 1134a55009d..badaca07d0c 100644 --- a/cloud.spec +++ b/cloud.spec @@ -347,7 +347,7 @@ echo Doing open source build %clean -[ ${RPM_BUILD_ROOT} != "/" ] && rm -rf ${RPM_BUILD_ROOT} +#[ ${RPM_BUILD_ROOT} != "/" ] && rm -rf ${RPM_BUILD_ROOT} %preun client @@ -510,33 +510,20 @@ fi %files client %defattr(0644,root,root,0755) -%{_sysconfdir}/%{name}/management/catalina.policy -%{_sysconfdir}/%{name}/management/*.properties -%{_sysconfdir}/%{name}/management/resources/*.properties -%{_sysconfdir}/%{name}/management/components.xml -%{_sysconfdir}/%{name}/management/context.xml +%{_sysconfdir}/%{name}/management/* +%if %{_premium} +%exclude %{_sysconfdir}/%{name}/management/*premium* +%endif %config(noreplace) %attr(640,root,%{name}) %{_sysconfdir}/%{name}/management/db.properties -%{_sysconfdir}/%{name}/management/environment.properties -%{_sysconfdir}/%{name}/management/ehcache.xml %config(noreplace) %{_sysconfdir}/%{name}/management/log4j-%{name}.xml -%{_sysconfdir}/%{name}/management/logging.properties -%{_sysconfdir}/%{name}/management/server.xml %config(noreplace) %{_sysconfdir}/%{name}/management/tomcat6.conf -%{_sysconfdir}/%{name}/management/classpath.conf -%{_sysconfdir}/%{name}/management/tomcat-users.xml -%{_sysconfdir}/%{name}/management/web.xml %dir %attr(770,root,%{name}) %{_sysconfdir}/%{name}/management/Catalina %dir %attr(770,root,%{name}) %{_sysconfdir}/%{name}/management/Catalina/localhost %dir %attr(770,root,%{name}) %{_sysconfdir}/%{name}/management/Catalina/localhost/client %config %{_sysconfdir}/sysconfig/%{name}-management %attr(0755,root,root) %{_initrddir}/%{name}-management %dir %{_datadir}/%{name}/management -%{_datadir}/%{name}/management/bin -%{_datadir}/%{name}/management/conf -%{_datadir}/%{name}/management/lib -%{_datadir}/%{name}/management/logs -%{_datadir}/%{name}/management/temp -%{_datadir}/%{name}/management/work +%{_datadir}/%{name}/management/* %attr(755,root,root) %{_bindir}/%{name}-setup-management %attr(755,root,root) %{_bindir}/%{name}-update-xenserver-licenses %dir %attr(770,root,%{name}) %{_sharedstatedir}/%{name}/mnt @@ -570,9 +557,7 @@ fi %files console-proxy %defattr(0644,root,root,0755) %{_javadir}/%{name}-console*.jar -%config(noreplace) %{_sysconfdir}/%{name}/console-proxy/agent.properties -%config(noreplace) %{_sysconfdir}/%{name}/console-proxy/consoleproxy.properties -%config(noreplace) %{_sysconfdir}/%{name}/console-proxy/log4j-%{name}.xml +%config(noreplace) %{_sysconfdir}/%{name}/console-proxy/* %attr(0755,root,root) %{_initrddir}/%{name}-console-proxy %attr(0755,root,root) %{_libexecdir}/console-proxy-runner %{_libdir}/%{name}/console-proxy/* diff --git a/wscript_configure b/wscript_configure index d941510c5f0..16ce2643740 100644 --- a/wscript_configure +++ b/wscript_configure @@ -33,6 +33,8 @@ systemjars = { 'Fedora': ( "tomcat6-servlet-2.5-api.jar", + "tomcat6-jsp-2.1-api-6.0.26.jar", + "tomcat6-el-2.1-api-6.0.26.jar", #"tomcat6/catalina.jar", # all supported distros put the file there ), 'CentOS': From 54ece4c4606ce88e0801553e3af0dc957f1f8fab Mon Sep 17 00:00:00 2001 From: will Date: Fri, 3 Dec 2010 16:12:52 -0800 Subject: [PATCH 27/70] - Enable virtual networking mode in the VM wizard. --- ui/jsp/instance.jsp | 17 +++----- ui/scripts/cloud.core.instance.js | 72 ++++++++++++++++++++++++++++--- 2 files changed, 74 insertions(+), 15 deletions(-) diff --git a/ui/jsp/instance.jsp b/ui/jsp/instance.jsp index 2b2a0889475..54cd50b78b1 100644 --- a/ui/jsp/instance.jsp +++ b/ui/jsp/instance.jsp @@ -622,24 +622,20 @@

-
-
-

Under Construction

-
-
- - +
+ +
-

- A virtual private network that is fronted by a virtual router. +

+ A dedicated virtualized network for your account. The broadcast domain is contrained within a VLAN and all public network access is routed out by a virtual router.

+
diff --git a/ui/scripts/cloud.core.instance.js b/ui/scripts/cloud.core.instance.js index 0672beba468..311fbae4f9b 100644 --- a/ui/scripts/cloud.core.instance.js +++ b/ui/scripts/cloud.core.instance.js @@ -479,9 +479,51 @@ function initVMWizard() { //Safari and Chrome are not smart enough to make checkbox checked if html markup is appended by JQuery.append(). So, the following 2 lines are added. var html_all = $rootDiskOfferingContainer.html(); $rootDiskOfferingContainer.html(html_all); - //***** root disk offering: "custom", existing disk offerings in database (end) ********************************************************************* + //***** root disk offering: "custom", existing disk offerings in database (end) ********************************************************************* } - }); + }); + + // Setup networks + $.ajax({ + data: createURL("command=listNetworks"), + dataType: "json", + async: false, + success: function(json) { + var networks = json.listnetworksresponse.network; + var virtualNetwork = null; + if (networks != null && networks.length > 0) { + for (var i = 0; i < networks.length; i++) { + if (networks[i].type == 'Virtualized') { + virtualNetwork = network[i]; + } + } + } + var $virtualNetworkElement = $("#vm_popup #network_virtual_container"); + + if (virtualNetwork == null) { + $virtualNetworkElement.data("isNetwork", false); + $.ajax({ + data: createURL("command=listNetworkOfferings"), + dataType: "json", + async: false, + success: function(json) { + var networkOfferings = json.listnetworkofferingsresponse.networkoffering; + if (networkOfferings != null && networkOfferings.length > 0) { + for (var i = 0; i < networkOfferings.length; i++) { + if (networkOfferings[i].type == "Virtualized" && networkOfferings[i].isdefault) { + $virtualNetworkElement.data("id", networkOfferings[i].id); + } + } + } + } + }); + } else { + $virtualNetworkElement.data("isNetwork", true).data("id", virtualNetwork.id); + //$virtualNetworkElement.find("#network_virtual_name").text(virtualNetwork.name); + //$virtualNetworkElement.find("#network_virtual_desc").text(virtualNetwork.displaytext); + } + } + }); $vmPopup.find("#wizard_service_offering").click(); return false; @@ -832,8 +874,27 @@ function initVMWizard() { $thisPopup.find("#wizard_review_disk_offering").text(diskOfferingName); } - if (currentStepInVmPopup == 4) { //network - + if (currentStepInVmPopup == 4) { //network + var $virtualNetworkElement = $("#vm_popup #network_virtual_container"); + var isVirtualNetwork = $virtualNetworkElement.data("isNetwork"); + + if (!isVirtualNetwork) { + // hardcoded text for now + var networkName = "Virtual Network"; + var networkDesc = "A dedicated virtualized network for your account. The broadcast domain is contrained within a VLAN and all public network access is routed out by a virtual router."; + var id = $virtualNetworkElement.data("id"); + // Create a network from this. + $.ajax({ + data: createURL("command=createNetwork&networkOfferingId="+id+"&name="+todb(networkName)+"&displayText="+todb(networkDesc)+"&zoneId="+$thisPopup.find("#wizard_zone").val()), + dataType: "json", + async: false, + success: function(json) { + var network = json.createnetworkresponse.network; + $virtualNetworkElement.data("id", network.id); + $thisPopup.find("#wizard_review_network").text(networkName); + } + }); + } } if (currentStepInVmPopup == 5) { //last step @@ -850,7 +911,8 @@ function initVMWizard() { moreCriteria.push("&zoneId="+$thisPopup.find("#wizard_zone").val()); moreCriteria.push("&hypervisor="+$selectedVmWizardTemplate.data("hypervisor")); moreCriteria.push("&templateId="+$selectedVmWizardTemplate.data("templateId")); - moreCriteria.push("&serviceOfferingId="+$thisPopup.find("input:radio[name=service_offering_radio]:checked").val()); + moreCriteria.push("&serviceOfferingId="+$thisPopup.find("input:radio[name=service_offering_radio]:checked").val()); + moreCriteria.push("$network="+$thisPopup.find("#network_virtual_container").data("id")); var diskOfferingId, $diskOfferingElement; if ($thisPopup.find("#wiz_blank").hasClass("rev_wizmid_selectedtempbut")) { //ISO From e50842557ce2f51a3dbccea24876f9a41623edf5 Mon Sep 17 00:00:00 2001 From: will Date: Fri, 3 Dec 2010 17:26:21 -0800 Subject: [PATCH 28/70] Finalized changed to enable Virtual Networking in new network model. --- client/tomcatconf/commands.properties.in | 4 +- ui/scripts/cloud.core.instance.js | 116 +++++++++++------------ 2 files changed, 56 insertions(+), 64 deletions(-) diff --git a/client/tomcatconf/commands.properties.in b/client/tomcatconf/commands.properties.in index 709d78b795b..9ba071ca1ef 100755 --- a/client/tomcatconf/commands.properties.in +++ b/client/tomcatconf/commands.properties.in @@ -237,6 +237,6 @@ deleteNetworkOffering=com.cloud.api.commands.DeleteNetworkOfferingCmd;1 listNetworkOfferings=com.cloud.api.commands.ListNetworkOfferingsCmd;15 #### network commands -createNetwork=com.cloud.api.commands.CreateNetworkCmd;1 -deleteNetwork=com.cloud.api.commands.DeleteNetworkCmd;1 +createNetwork=com.cloud.api.commands.CreateNetworkCmd;15 +deleteNetwork=com.cloud.api.commands.DeleteNetworkCmd;15 listNetworks=com.cloud.api.commands.ListNetworksCmd;15 \ No newline at end of file diff --git a/ui/scripts/cloud.core.instance.js b/ui/scripts/cloud.core.instance.js index 311fbae4f9b..60e07b3c3aa 100644 --- a/ui/scripts/cloud.core.instance.js +++ b/ui/scripts/cloud.core.instance.js @@ -481,49 +481,7 @@ function initVMWizard() { $rootDiskOfferingContainer.html(html_all); //***** root disk offering: "custom", existing disk offerings in database (end) ********************************************************************* } - }); - - // Setup networks - $.ajax({ - data: createURL("command=listNetworks"), - dataType: "json", - async: false, - success: function(json) { - var networks = json.listnetworksresponse.network; - var virtualNetwork = null; - if (networks != null && networks.length > 0) { - for (var i = 0; i < networks.length; i++) { - if (networks[i].type == 'Virtualized') { - virtualNetwork = network[i]; - } - } - } - var $virtualNetworkElement = $("#vm_popup #network_virtual_container"); - - if (virtualNetwork == null) { - $virtualNetworkElement.data("isNetwork", false); - $.ajax({ - data: createURL("command=listNetworkOfferings"), - dataType: "json", - async: false, - success: function(json) { - var networkOfferings = json.listnetworkofferingsresponse.networkoffering; - if (networkOfferings != null && networkOfferings.length > 0) { - for (var i = 0; i < networkOfferings.length; i++) { - if (networkOfferings[i].type == "Virtualized" && networkOfferings[i].isdefault) { - $virtualNetworkElement.data("id", networkOfferings[i].id); - } - } - } - } - }); - } else { - $virtualNetworkElement.data("isNetwork", true).data("id", virtualNetwork.id); - //$virtualNetworkElement.find("#network_virtual_name").text(virtualNetwork.name); - //$virtualNetworkElement.find("#network_virtual_desc").text(virtualNetwork.displaytext); - } - } - }); + }); $vmPopup.find("#wizard_service_offering").click(); return false; @@ -875,26 +833,60 @@ function initVMWizard() { } if (currentStepInVmPopup == 4) { //network - var $virtualNetworkElement = $("#vm_popup #network_virtual_container"); - var isVirtualNetwork = $virtualNetworkElement.data("isNetwork"); + // Setup networks + // hardcoded text for now + var networkName = "Virtual Network"; + var networkDesc = "A dedicated virtualized network for your account. The broadcast domain is contrained within a VLAN and all public network access is routed out by a virtual router."; - if (!isVirtualNetwork) { - // hardcoded text for now - var networkName = "Virtual Network"; - var networkDesc = "A dedicated virtualized network for your account. The broadcast domain is contrained within a VLAN and all public network access is routed out by a virtual router."; - var id = $virtualNetworkElement.data("id"); - // Create a network from this. - $.ajax({ - data: createURL("command=createNetwork&networkOfferingId="+id+"&name="+todb(networkName)+"&displayText="+todb(networkDesc)+"&zoneId="+$thisPopup.find("#wizard_zone").val()), - dataType: "json", - async: false, - success: function(json) { - var network = json.createnetworkresponse.network; - $virtualNetworkElement.data("id", network.id); - $thisPopup.find("#wizard_review_network").text(networkName); + $.ajax({ + data: createURL("command=listNetworks&domainid="+g_domainid+"&account="+g_account+"&zoneId="+$thisPopup.find("#wizard_zone").val()), + dataType: "json", + async: false, + success: function(json) { + var networks = json.listnetworksresponse.network; + var virtualNetwork = null; + if (networks != null && networks.length > 0) { + for (var i = 0; i < networks.length; i++) { + if (networks[i].type == 'Virtualized') { + virtualNetwork = networks[i]; + } + } } - }); - } + var $virtualNetworkElement = $("#vm_popup #network_virtual_container"); + + if (virtualNetwork == null) { + $.ajax({ + data: createURL("command=listNetworkOfferings"), + dataType: "json", + async: false, + success: function(json) { + var networkOfferings = json.listnetworkofferingsresponse.networkoffering; + if (networkOfferings != null && networkOfferings.length > 0) { + for (var i = 0; i < networkOfferings.length; i++) { + if (networkOfferings[i].type == "Virtualized" && networkOfferings[i].isdefault) { + // Create a network from this. + $.ajax({ + data: createURL("command=createNetwork&networkOfferingId="+networkOfferings[i].id+"&name="+todb(networkName)+"&displayText="+todb(networkDesc)+"&zoneId="+$thisPopup.find("#wizard_zone").val()), + dataType: "json", + async: false, + success: function(json) { + var network = json.createnetworkresponse.network; + $virtualNetworkElement.data("id", network.id); + } + }); + } + } + } + } + }); + } else { + $virtualNetworkElement.data("id", virtualNetwork.id); + //$virtualNetworkElement.find("#network_virtual_name").text(virtualNetwork.name); + //$virtualNetworkElement.find("#network_virtual_desc").text(virtualNetwork.displaytext); + } + } + }); + $thisPopup.find("#wizard_review_network").text(networkName); } if (currentStepInVmPopup == 5) { //last step @@ -912,7 +904,7 @@ function initVMWizard() { moreCriteria.push("&hypervisor="+$selectedVmWizardTemplate.data("hypervisor")); moreCriteria.push("&templateId="+$selectedVmWizardTemplate.data("templateId")); moreCriteria.push("&serviceOfferingId="+$thisPopup.find("input:radio[name=service_offering_radio]:checked").val()); - moreCriteria.push("$network="+$thisPopup.find("#network_virtual_container").data("id")); + moreCriteria.push("&networkIds="+$thisPopup.find("#network_virtual_container").data("id")); var diskOfferingId, $diskOfferingElement; if ($thisPopup.find("#wiz_blank").hasClass("rev_wizmid_selectedtempbut")) { //ISO From 01d937ca5e497f5e088fa0c0f9eeeaefbe14b97a Mon Sep 17 00:00:00 2001 From: will Date: Fri, 3 Dec 2010 17:39:47 -0800 Subject: [PATCH 29/70] Removed old service offerings and enabled the new network framework. --- server/src/com/cloud/configuration/Config.java | 2 +- server/src/com/cloud/server/ConfigurationServerImpl.java | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/server/src/com/cloud/configuration/Config.java b/server/src/com/cloud/configuration/Config.java index e866b8e6a8b..6e01477c2ba 100644 --- a/server/src/com/cloud/configuration/Config.java +++ b/server/src/com/cloud/configuration/Config.java @@ -199,7 +199,7 @@ public enum Config { SSOAuthTolerance("Advanced", ManagementServer.class, Long.class, "security.singlesignon.tolerance.millis", "300000", "The allowable clock difference in milliseconds between when an SSO login request is made and when it is received.", null), NetworkType("Hidden", ManagementServer.class, String.class, "network.type", "vlan", "The type of network that this deployment will use.", "vlan,direct"), HashKey("Hidden", ManagementServer.class, String.class, "security.hash.key", null, "for generic key-ed hash", null), - UseNewNetwork("Hidden", NetworkManager.class, Boolean.class, "use.new.networking", "false", null, null); + UseNewNetwork("Hidden", NetworkManager.class, Boolean.class, "use.new.networking", "true", null, null); private final String _category; private final Class _componentClass; diff --git a/server/src/com/cloud/server/ConfigurationServerImpl.java b/server/src/com/cloud/server/ConfigurationServerImpl.java index 866e5b4e4f6..596026eec80 100644 --- a/server/src/com/cloud/server/ConfigurationServerImpl.java +++ b/server/src/com/cloud/server/ConfigurationServerImpl.java @@ -150,11 +150,11 @@ public class ConfigurationServerImpl implements ConfigurationServer { } // Save Direct Networking service offerings - createServiceOffering(User.UID_SYSTEM, "Small Instance, Direct Networking", 1, 512, 500, "Small Instance, Direct Networking, $0.05 per hour", false, false, false, null); - createServiceOffering(User.UID_SYSTEM, "Medium Instance, Direct Networking", 1, 1024, 1000, "Medium Instance, Direct Networking, $0.10 per hour", false, false, false, null); + createServiceOffering(User.UID_SYSTEM, "Small Instance", 1, 512, 500, "Small Instance, $0.05 per hour", false, false, false, null); + createServiceOffering(User.UID_SYSTEM, "Medium Instance", 1, 1024, 1000, "Medium Instance, $0.10 per hour", false, false, false, null); // Save Virtual Networking service offerings - createServiceOffering(User.UID_SYSTEM, "Small Instance, Virtual Networking", 1, 512, 500, "Small Instance, Virtual Networking, $0.05 per hour", false, false, true, null); - createServiceOffering(User.UID_SYSTEM, "Medium Instance, Virtual Networking", 1, 1024, 1000, "Medium Instance, Virtual Networking, $0.10 per hour", false, false, true, null); + //createServiceOffering(User.UID_SYSTEM, "Small Instance", 1, 512, 500, "Small Instance, Virtual Networking, $0.05 per hour", false, false, true, null); + //createServiceOffering(User.UID_SYSTEM, "Medium Instance", 1, 1024, 1000, "Medium Instance, Virtual Networking, $0.10 per hour", false, false, true, null); // Save default disk offerings createDiskOffering(DomainVO.ROOT_DOMAIN, "Small", "Small Disk, 5 GB", 5, null); createDiskOffering(DomainVO.ROOT_DOMAIN, "Medium", "Medium Disk, 20 GB", 20, null); From a1573350f9cb8839c1a2546776f5bb6128005a77 Mon Sep 17 00:00:00 2001 From: will Date: Fri, 3 Dec 2010 18:07:36 -0800 Subject: [PATCH 30/70] Defaulted "No Thanks" as the data disk offering. --- ui/jsp/instance.jsp | 2 +- ui/scripts/cloud.core.instance.js | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/ui/jsp/instance.jsp b/ui/jsp/instance.jsp index 54cd50b78b1..cf1216b659d 100644 --- a/ui/jsp/instance.jsp +++ b/ui/jsp/instance.jsp @@ -875,7 +875,7 @@ diff --git a/ui/scripts/cloud.core.instance.js b/ui/scripts/cloud.core.instance.js index 60e07b3c3aa..177404331be 100644 --- a/ui/scripts/cloud.core.instance.js +++ b/ui/scripts/cloud.core.instance.js @@ -429,7 +429,6 @@ function initVMWizard() { //"no, thanks" radio button (default radio button in data disk offering) var $t = $doTemplateNo.clone(); $t.find("input:radio").attr("name","data_disk_offering_radio"); - $t.find("#name").text("no, thanks"); $dataDiskOfferingContainer.append($t.show()); //disk offerings from database @@ -442,7 +441,7 @@ function initVMWizard() { $t = $doTemplateExisting.clone(); $t.data("jsonObj", offerings[i]).attr("id", "do"+offerings[i].id); - $t.find("input:radio").attr("name","data_disk_offering_radio").attr("checked", "").val(fromdb(offerings[i].id)); + $t.find("input:radio").attr("name","data_disk_offering_radio").removeAttr("checked").val(fromdb(offerings[i].id)); $t.find("#name").text(fromdb(offerings[i].name)); $t.find("#description").text(fromdb(offerings[i].displaytext)); $dataDiskOfferingContainer.append($t.show()); From 01fe5bad745c176c442621a5eae60ff425467aa8 Mon Sep 17 00:00:00 2001 From: anthony Date: Fri, 3 Dec 2010 18:42:49 -0800 Subject: [PATCH 31/70] remove find_bond --- cloud.spec | 2 -- debian/cloud-premium.install | 1 - 2 files changed, 3 deletions(-) diff --git a/cloud.spec b/cloud.spec index badaca07d0c..81d45fa94da 100644 --- a/cloud.spec +++ b/cloud.spec @@ -453,7 +453,6 @@ fi # maintain the following list in sync with files agent-scripts %if %{_premium} %exclude %{_libdir}/%{name}/agent/scripts/vm/hypervisor/xenserver/check_heartbeat.sh -%exclude %{_libdir}/%{name}/agent/scripts/vm/hypervisor/xenserver/find_bond.sh %exclude %{_libdir}/%{name}/agent/scripts/vm/hypervisor/xenserver/launch_hb.sh %exclude %{_libdir}/%{name}/agent/scripts/vm/hypervisor/xenserver/setup_heartbeat_sr.sh %exclude %{_libdir}/%{name}/agent/scripts/vm/hypervisor/xenserver/vmopspremium @@ -596,7 +595,6 @@ fi %{_datadir}/%{name}/setup/create-schema-premium.sql # maintain the following list in sync with files agent-scripts %{_libdir}/%{name}/agent/scripts/vm/hypervisor/xenserver/check_heartbeat.sh -%{_libdir}/%{name}/agent/scripts/vm/hypervisor/xenserver/find_bond.sh %{_libdir}/%{name}/agent/scripts/vm/hypervisor/xenserver/launch_hb.sh %{_libdir}/%{name}/agent/scripts/vm/hypervisor/xenserver/setup_heartbeat_sr.sh %{_libdir}/%{name}/agent/scripts/vm/hypervisor/xenserver/vmopspremium diff --git a/debian/cloud-premium.install b/debian/cloud-premium.install index db394b490fa..8dd767e7782 100644 --- a/debian/cloud-premium.install +++ b/debian/cloud-premium.install @@ -6,7 +6,6 @@ /usr/share/cloud/setup/create-schema-premium.sql /usr/lib/cloud/agent/vms/systemvm-premium.iso /usr/lib/cloud/agent/scripts/vm/hypervisor/xenserver/check_heartbeat.sh -/usr/lib/cloud/agent/scripts/vm/hypervisor/xenserver/find_bond.sh /usr/lib/cloud/agent/scripts/vm/hypervisor/xenserver/launch_hb.sh /usr/lib/cloud/agent/scripts/vm/hypervisor/xenserver/setup_heartbeat_sr.sh /usr/lib/cloud/agent/scripts/vm/hypervisor/xenserver/vmopspremium From 54e53f2037c40805b4e29a0e6b1a2a1be8d68bfd Mon Sep 17 00:00:00 2001 From: Jessica Wang Date: Fri, 3 Dec 2010 18:53:48 -0800 Subject: [PATCH 32/70] Domain page - implement DeleteDomain API. --- ui/jsp/domain.jsp | 2 +- ui/scripts/cloud.core.domain.js | 122 +++++++++++++++++++++++++++----- 2 files changed, 106 insertions(+), 18 deletions(-) diff --git a/ui/jsp/domain.jsp b/ui/jsp/domain.jsp index 2ec79eb8df2..ff37bee8915 100644 --- a/ui/jsp/domain.jsp +++ b/ui/jsp/domain.jsp @@ -43,7 +43,7 @@
(title)
-